
...

| Argument | Description | Data type |
| --- | --- | --- |
| Lookup name (mandatory) | Choose the lookup you want to use to enrich your table. | string |
| Lookup field (mandatory) | Choose the lookup field you want to use to enrich your table. | string |
| Key (mandatory) | Choose the table field you want to use to find matches with the lookup key field. | same as lookup key field |

Info

Existing lookups required

To perform these operations, it is necessary to have existing lookups ready for use (visit this article to get help uploading lookups and this article to get help creating query lookups).

...

We want to enrich the siem.logtrust.web.activity table with information about the working model in each city. If we want to work more comfortably, we can isolate the data we’re interested in by using filter and grouping operations. Then, we will use the Lookup (lu) operation with this upload lookup that contains info about company offices.

Using the search window

These are the arguments needed when using the interface:

  • Lookup name: Company_offices

  • Lookup field: Office_type

  • Key: city

...

Using free-text query

This is the syntax needed when using LINQ free-text query:

from siem.logtrust.web.activity
where isnotnull(city)
where not isempty(city)
where result = "OK"
group every 1h by city, result, region
select lu("Company_offices", "Office_type", city) as OfficeType

Result

The values in the Office_type lookup field will be brought into our table when the values in the city field and those in the lookup key field match. When they do not match, null will be returned.

...