I have a CSV file as a lookup table which contains IP address and timestamp as fields. I need to perform a search in an index which filters out results with matching IPs and timestamps in the lookup table.
I can filter out events with matching IPs with the following search string:
index = index [|inputlookup lookuptable.csv | table src_a | rename src_a as src]
The thing I just can't figure out is how I could match events with the _time field and the timestamp field in the lookup table. Timestamps in the file follow the same format as _time, for example, 2020-02-24T12:10:10.000+02:00.
What should I add to the search string to match timestamps as well?
Thanks in advance!