Adding a CSV enrichment source

At times, the information that you want to enrich with might be available in the CSV file format. To add a CSV enrichment source, ensure that the file meets the following requirements:

• First row in the file is the header or field name.
• Contains the field with which a log entry is matched and mapped for enrichment. For example, you want to enrich the user_id field in your logs with the information present in the sample CSV file. While creating an enrichment policy, you will match the user_id field in logs with the UID column in CSV.
  

To add a CSV enrichment source

1. Click Enrichment > Enrichment Sources.
2. Click Create.
3. From the Type list, select CSV.
4. Enter a name and description for the source.
   These names appear in the enrichment policy while setting up CSV enrichment. Use a name that will help you to identify the source and the enrichment that you want to apply.
5. Click Attach CSV File and browse the CSV file.
   All the columns of the uploaded CSV are displayed in Target Fields.
6. From the Enrichment Fields > Source Field list, select the CSV column name with which you want to match a field in the logs.
   For example, select the UID field present in the CSV file with which you will map the user_id field in logs. This mapping is done while creating an enrichment policy.
7. (Optional) In Enrichment Fields, remove the fields that you want to exclude from enrichment.
8. Enable and save the enrichment source.
   On the Enrichment Sources page, a filter is added for each type of source.
   
   You can edit, disable, and delete the source by using the Actions menu.