...
Argument | Description | Data type
---|---|---
Lookup name (mandatory) | Choose the lookup you want to use to enrich your table. | string
Lookup field (mandatory) | Choose the lookup field you want to use to enrich your table. | string
Key (mandatory) | Choose the table field you want to use to find matches with the lookup key field. | same as lookup key field
...
We want to enrich the siem.logtrust.web.activity table with information about the working model in each city. To work more comfortably, we can first isolate the data we're interested in by using filter and grouping operations. Then, we will use the Lookup (lu) operation with an uploaded lookup that contains information about company offices.
Using the search window
These are the arguments needed when using the interface:
Lookup name: Company_offices
Lookup field: Office_type
Key: city
...
This is the syntax needed when using a LINQ free-text query:
```
from siem.logtrust.web.activity
where isnotnull(city)
where not isempty(city)
where result = "OK"
group every 1h by city, result, region
select lu("Company_offices", "Office_type", city) as OfficeType
```
...
The values in the Office_type lookup field will be brought into our table when the values in the city field and those in the lookup key field match. When they do not match, null will be returned.
...