sorry I am fairly new to Splunk and not sure how to go about getting my search to work so I apologize if I am using the wrong terms.
I have imported a csv file, what I want to accomplish is in imported csv file I have a field that I want to match with another search
so if any other log matches with the csv field I want it to show me what matched
I was thinking something like
index=bob sourcetype=scanner
| join type=inner [| lookup csvfile]
| table myresults
index=bob sourcetype=scanner [ |inputlookup csvfile | table field1]
|table myresults
Should do the trick. This is basically saying | search IN fieldList
, or a typical IN clause in other languages. There are a bunch of other ways to do this if you're later in your search, but for the initial search clause this is a good option.