I have a csv file which has field Account and it has over 1000+. In my logs it is named as yourAccount. how do i find the all the account logs from that csv file. Also can i rex the field and have the table for that as well in same query?
yourAccount isnt a field name i have to regex it. Can i rex field yourAccount and search with only the account that i have in csv file?
Hi @DougiieDee you can try to rename the Account field in csv to yourAccount to get the all results from both fields.
example
index=foo sourcetype=bar | table yourAccount | lookup file.csv Account as yourAccount
