Description

Use the lookup command to invoke field value lookups. For information about the types of lookups you can define, see About lookups in the Knowledge Manager Manual.

The lookup command supports IPv4 and IPv6 addresses and subnets that use CIDR notation.

Syntax

| lookup AS, AS OUTPUTNEW AS, AS

Note: The lookup command can accept multiple lookup and event fields and destfields.

Required arguments

Lookup table name
Description: Can be either the name of a CSV file that you want to use as the lookup, or the name of a stanza in the nf file that specifies the location of the lookup table file.

Optional arguments

local
Syntax: local=
Description: If local=true, forces the lookup to run on the search head and not on any remote peers.
Default: false

update
Syntax: update=
Description: If the lookup table is modified on disk while the search is running, real-time searches do not automatically reflect the update. This does not apply to searches that are not real-time searches.
Default: false

Lookup and event fields

Lookup field
Description: Refers to a field in the lookup table to match against the events.

Event field
Description: Refers to a field in the events from which to acquire the value to match in the lookup table.

Lookup destfield
Description: Refers to a field in the lookup table to be copied into the events.

Event destfield
Description: A field in the events.

Usage

The lookup command is a distributable streaming command when local=false, which is the default setting.
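As an added example (Python written for this page, not Splunk's own code), the following models the field mapping the lookup command performs: a lookup field is matched against an event field, here by CIDR subnet, and destination fields are copied into the event, with OUTPUTNEW filling only fields the event does not already carry. The table asset_subnets, its columns, and the events are constructed; the cidr flag stands in for the CIDR match type that Splunk configures in the lookup definition rather than on the command, and matching stops at the first row.

```python
import csv
import ipaddress

# Constructed lookup table (the CSV behind a lookup named asset_subnets).
ASSET_SUBNETS_CSV = """cidr,owner,zone
10.0.0.0/8,corp-it,internal
192.168.50.0/24,secops,lab
2001:db8::/32,netops,ipv6-test
"""

# Constructed events as the search pipeline would hand them to lookup.
EVENTS = [
    {"src": "10.20.30.40", "zone": "unknown"},  # already carries a zone field
    {"src": "192.168.50.7"},
    {"src": "2001:db8:1::5"},  # IPv6 source address
    {"src": "203.0.113.9"},  # matches no row
]

def matches(table_value, event_value, cidr):
    """Exact match, or subnet containment when the lookup field is CIDR-matched."""
    if not cidr:
        return table_value == event_value
    try:
        net = ipaddress.ip_network(table_value, strict=False)
        return ipaddress.ip_address(event_value) in net
    except ValueError:  # non-IP event value or malformed table entry
        return False

def lookup(events, table, lookup_field, event_field, dest_fields, outputnew, cidr):
    """Model `lookup <table> <lookup_field> AS <event_field> OUTPUT|OUTPUTNEW ...`.
    dest_fields maps lookup destfield -> event destfield; first matching row wins."""
    result = []
    for ev in events:
        ev = dict(ev)  # never mutate the caller's event
        for row in table:
            if matches(row[lookup_field], ev.get(event_field, ""), cidr):
                for src, dst in dest_fields.items():
                    if outputnew and dst in ev:
                        continue  # OUTPUTNEW keeps the event's existing value
                    ev[dst] = row[src]
                break
        result.append(ev)
    return result

def enrich_with_asset_subnets(outputnew=True):
    """`| lookup asset_subnets cidr AS src OUTPUTNEW owner zone` (OUTPUT if False)."""
    table = list(csv.DictReader(ASSET_SUBNETS_CSV.splitlines()))
    dests = {"owner": "owner", "zone": "zone"}
    return lookup(EVENTS, table, "cidr", "src", dests, outputnew, cidr=True)
```

Running enrich_with_asset_subnets() leaves the first event's existing zone untouched while adding owner; the same call with outputnew=False overwrites zone with the table value.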