Versions Compared

Old Version 1

changes.mady.by.user Jonas Gonzalez

Saved on

compared with

New Version Current

changes.mady.by.user Jonas Gonzalez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Given an input string and a list of patterns, find which pattern best matches the input string and the confidence of the match.

Operator Usage in Easy Mode

  1. Click + on the parent node.
  2. Enter the Pattern Lookup operator in the search field and select the operator from the Results to open the operator form.
  3. In the Event Table drop-down, enter or select the name of the table.
  4. In the Message Column, enter the column name in an eventTable to match the patterns.
  5. In the Pattern Table drop-down, enter or select the table that contains patterns for lookup.
  6. In the Pattern Column drop-down, enter or select the name of the column that contains patterns in a patternTable.
  7. In the Marker Column drop-down, enter or select the column name that contains markers in a patternTable.
  8. In the Name Column drop-down, enter or select a column name that contains 'name' in a patternTable.
  9. In the Pattern Type Column drop-down, enter or select a column name that contains 'patternType' in a patternTable.
  10. In the Threshold field, enter a threshold value.
  11. Click Run to view the result.
  12. Click Save to add the operator to the playbook.
  13. Click Cancel to discard the operator form.

Usage Details

LQL Command

Code Block
patternLookup(eventTable, column, patternTable, patternCol, markerCol, nameCol, patternTypeCol, threshold)

...

The table with additional columns: patternName, isExactMatch, matchConfidence, matchPattern, patternValue and isPattern

Example

Input
eventTable(id, col1)

...