Hi Team 

Can you please help me to provide a solution to use a csv file with the external vs internal user id data in the splunk. 

Below is the current query and output that extracts the internal userid and i need another column to add corresponding external user id. 

Csv file : ABC.csv 

usr_id,eml_add_ds

internal user id 1 , external user id 1
internal user id 2 , external user id 2
internal user id 3 , external user id 3
internal user id 4 , external user id 4
Query : 

(index=ABC) ("Start" OR "Finish")   Properties.AspNetCoreEnvironment="*"
| rex field=Message "Start:\s*(?<start_info>[^\s]+)"
| rex field=Message "user\s(?<Userid>[^\took|.]+)"
| search start_info=*
| table Userid
| sort time

Output :