I have a log file in a table-structured form like this:
Code send_id dest_id
AW 96 45
BX 65 78
Now I have to change the IDs in the send_id column to names (like 96 = Alex and 65 = James) and regenerate the log file in the format below.
Code send_id dest_id
AW Alex 45
BX James 78
How do I extract it and again regenerate it after changing?
You can replace the send_ids with names as you described, but this would be a pain if there is a high number of IDs that you want to translate.
Scenario 1: You can convert them using Search Processing Language.
<your search>
| eval send_id=case(send_id=="96","Alex",send_id=="65","James",true(),send_id)
Scenario 2: You can make use of Splunk knowledge objects - Lookups.
I have made a video on how to use Lookups; you may find it useful.
https://www.youtube.com/watch?v=cwEzgY0lAts&t=456s
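
Scenario 2 as a worked pair of searches, added here as an example and not part of the original answer. The first search, run once, writes the ID-to-name mapping to a CSV lookup; the second applies it to the events. The lookup file name sender_names.csv, the field name sender_name, and the index and sourcetype placeholders are assumptions, and Code, send_id and dest_id are assumed to be already extracted fields.

```spl
| makeresults
| eval pairs="96=Alex,65=James"
| makemv delim="," pairs
| mvexpand pairs
| rex field=pairs "(?<send_id>[^=]+)=(?<name>.+)"
| table send_id name
| outputlookup sender_names.csv

index=<your_index> sourcetype=<your_sourcetype>
| lookup sender_names.csv send_id OUTPUT name AS sender_name
| eval send_id=coalesce(sender_name, send_id)
| table Code send_id dest_id
```

An ID with no row in the lookup keeps its original value because of the coalesce, so unmapped senders stay visible in the regenerated table instead of turning into empty cells.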