Hi Team
Can you please help me to provide a solution to use a csv file with the external vs internal user id data in the splunk.
Below is the current query and output that extracts the internal userid and i need another column to add corresponding external user id.
Csv file : ABC.csv
usr_id,eml_add_ds
internal user id 1 , external user id 1
internal user id 2 , external user id 2
internal user id 3 , external user id 3
internal user id 4 , external user id 4
Query :
(index=ABC) ("Start" OR "Finish") Properties.AspNetCoreEnvironment="*"
| rex field=Message "Start:\s*(?<start_info>[^\s]+)"
| rex field=Message "user\s(?<Userid>[^\took|.]+)"
| search start_info=*
| table Userid
| sort time
Output :
