Absolutely. Just put the table into a CSV file, e.g., like
| Code | Description | Discussion |
| 100 | | requested action was initiated; expect another reply before proceeding with a new command. |
| 110 | Restart marker | reply. The text is exact and not left to the particular implementation; it must read "MARK yyyy = mmmm" where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "="). |
| 120 | Service ready | nn minutes. (Informational) |
| 125 | Data Connection | already open; transfer starting. (Informational) |
| 150 | File status | okay; about to open data connection. FTP uses two ports: 21 for sending commands, and 20 for sending data. A status code of 150 indicates that the server is about to open a new connection on port 20 to send some data. |
Set up the CSV as lookup. (See Define a CSV lookup in Splunk Web.) Then, suppose your data search returns a field named ftp_return_code. In your search, add a lookup command
| lookup mylookup Code as ftp_return_code OUTPUT Description as ftp_return_description, Discussion as ftp_return_discussion
