I have a lot of experience with Splunk and I am trying to understand the equivalent concepts in ELK. Is there a lookup table option/concept (similar to: http://docs.splunk.com/Documentation/Splunk/7.0.0/Knowledge/Addfieldsfromexternaldatasources) where you can load CSV or other files and create an index to compare existing data against?
Not in the Elastic Stack; you do that upfront instead, which makes querying faster.
What's the best way to import a CSV file with data?
At this stage it's Logstash with the CSV filter.
Do you have a link or reference on how this could be set up?
https://www.elastic.co/guide/en/logstash/current/plugins-filters-csv.html Hope this helps!
Thanks
Rashmi
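
A minimal Logstash pipeline for the CSV import discussed in this thread, added here as an example and not posted by anyone in the thread. The file path, column names, Elasticsearch host and index name are assumptions; replace them with your own.

```logstash
# Constructed sample of the CSV this pipeline expects (assumption):
#   ip,hostname,owner
#   10.0.0.5,web01,platform-team
#   10.0.0.9,db01,data-team

input {
  file {
    path => "/opt/lookups/assets.csv"   # hypothetical location of the CSV file
    start_position => "beginning"       # read existing content, not only newly appended lines
    sincedb_path => "/dev/null"         # keep no read offset, so restarting Logstash reloads the file
  }
}

filter {
  csv {
    separator => ","
    # Must match the header row exactly: with skip_header set, any row equal
    # to these column names is dropped instead of being indexed as data.
    columns => ["ip", "hostname", "owner"]
    skip_header => true
  }
  mutate {
    remove_field => ["message"]         # drop the raw line once it has been parsed into fields
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]  # assumed local, unauthenticated test node
    index => "asset-lookup"             # hypothetical index name
    document_id => "%{ip}"              # key each document by ip so a reload overwrites instead of duplicating
  }
}
```

Run it with `bin/logstash -f` pointed at the saved config file. Keying `document_id` on the lookup column keeps the index at one document per key when the CSV is reloaded.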