Hi All,
Still learning the ropes here, but am making some dashboards and could use some help with a lookup table. I have a panel that gives me the top 10 used ports leaving my router. Would like to match the dest_port with a description for what runs on said port, which is contained in the lookup csv.
I've imported my CSV into Splunk (port_descriptions.csv) and it has 3 columns: protocol, port, description
Here is a quick shot of what it looks like:
protocol port description
TCP 0 Reserved
TCP 1 Port Service Multiplexer
TCP 2 Management Utility
TCP 3 Compression Process
Here is my current search:
index=nwk AND action=allowed AND protocol=TCP
| top dest_port
| rename dest_port AS "Destination Port"
| rename count AS "Hits"
| rename percent AS "Percent of Top 10"
I've tried adding the following, but it seems to give me different results than the original search above. Not sure if I should also have the search map the protocol, too?
| lookup port_descriptions.csv port AS dest_port
| top dest_port by description
Anyway, if you've come this far, thanks for reading and trying to help a noobie out.
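One way to apply the lookup before ranking, as an added example that is not part of the original post: the lookup is matched on both protocol and port, the description is carried into `top` as a second field rather than as a `by` clause (a `by` clause ranks ports within each description group, which is why the counts change), and `fillnull` keeps ports missing from the CSV in the result. The lookup file name is taken from the post; the "unknown" placeholder value is a constructed assumption.

```spl
index=nwk AND action=allowed AND protocol=TCP
| lookup port_descriptions.csv protocol, port AS dest_port OUTPUT description
| fillnull value="unknown" description
| top limit=10 dest_port, description
| rename dest_port AS "Destination Port", description AS "Description", count AS "Hits", percent AS "Percent of Top 10"
```

Because each protocol/port pair maps to one description, ranking on the two fields together returns the same top 10 as the original `top dest_port`, now with the description alongside.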