I need to do a lookup on search results with data from Splunk internal. I have a log which logs when a user logs in and what PID that user gets assigned, such as:
PID: 2938 [DATE]
22: Command [username]
In the same log, the actions the user takes during the session are logged with the following format:
PID: 2938 [DATE]
22: Command [custom data]
Now I would like to generate a report using this data and translate the PID to a username using a lookup. The result would be a table with Username, PID and Command.
When I search for lookup information, I find that I can do lookups from scripts or CSV files, not from Splunk queries. Is it possible to do such a query?