I have a lot of experience with Splunk and I am trying to understand the equivalent concepts in ELK. Is there a lookup table option/concept (similar to: http://docs.splunk.com/Documentation/Splunk/7.0.0/Knowledge/Addfieldsfromexternaldatasources) where you can load CSV or other files and create an index to compare existing data against?
Not in the Elastic Stack; you do that upfront instead, which makes querying faster.
What's the best way to import a CSV file with data?
At this stage it's Logstash with the CSV filter.
Do you have a link or reference on how this could be set up?
https://www.elastic.co/guide/en/logstash/current/plugins-filters-csv.html Hope this helps!
Thanks
Rashmi
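A minimal Logstash pipeline for the CSV import discussed in this thread, added here as an illustration and not posted by any participant. The file path, column names (`ip`, `owner`, `site`), index name and Elasticsearch address are assumptions to be replaced with your own.

```logstash
# Constructed example: load a lookup-style CSV into its own Elasticsearch index.
input {
  file {
    path => "/path/to/lookup.csv"      # placeholder path
    start_position => "beginning"      # read the file from the top, not just new lines
    sincedb_path => "/dev/null"        # do not remember position, so a re-run reloads the file
  }
}

filter {
  csv {
    separator => ","
    columns => ["ip", "owner", "site"] # assumed header of the CSV
    skip_header => true                # drop the row whose values equal the column names
  }
  mutate {
    # Keep only the parsed columns; the raw line and file metadata are not needed.
    remove_field => ["message", "path", "host"]
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"] # assumed local node
    index => "lookup-assets"           # hypothetical index name
    # Use the key column as the document id so reloading the CSV
    # overwrites existing rows instead of creating duplicates.
    document_id => "%{ip}"
    # On a secured cluster, supply credentials from the Logstash keystore
    # rather than in clear text, e.g.:
    # user => "logstash_writer"
    # password => "${ES_PWD}"
  }
}
```

Run it with `bin/logstash -f` pointing at the saved file; each CSV row becomes one document in the index.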