...
Source | Lookup table type | Description |
---|---|---|
External file | Upload | External lookup tables uploaded as a .csv file. External sources may include lists of values, geo-localizations, or extracts from a database. Learn here how to upload external data as a lookup table. |
Query data | Static query | These lookup tables are created using query data from a specified period of time. See Create a lookup table from a query to learn more. |
Query data | Dynamic query | These lookup tables are fed with new data events every 5 minutes. Rows with duplicated key values will be overwritten. See Create a lookup table from a query to learn more. |
Query data | Time range lookup | Both static and dynamic query lookups can be created as a time range lookup. To create these lookups, you must choose a timestamp type field that will dictate the lookup values to be inserted. That is to say, the same entry of your key field must be matched with different results depending on the specified date. Learn more here. |
Use cases
Here are some common use cases that demonstrate how lookup tables can be used.
Converting codes into names
...
Add values to classify or filter events
Lookup tables can be used to categorize events according to their IPs:
- Associate an IP with known threats.
- Group IPs by type of device: servers, portable computers, printers.
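The IP-to-threat use case, combined with the dynamic and time range lookup types from the table above, as an added Python example (not product code): it shows why the two types can classify the same historical event differently. It assumes a time range entry applies from its timestamp until the next entry for the same key; the function names, documentation-range IPs and labels are constructed for illustration.

```python
from bisect import bisect_right
from ipaddress import ip_address

# Constructed sample rows: (timestamp, key IP, threat label). Not real indicators.
ROWS = [
    (100, "203.0.113.7", "scanner"),
    (200, "198.51.100.9", "botnet-c2"),
    (300, "203.0.113.7", "remediated"),  # same key, later timestamp
]

def norm(ip):
    """Normalize the key so equivalent spellings of an address match."""
    return str(ip_address(ip))

def build_dynamic(rows):
    """Keyed lookup: a later row with a duplicated key overwrites the earlier one."""
    table = {}
    for _, ip, label in sorted(rows):
        table[norm(ip)] = label
    return table

def build_time_range(rows):
    """Time range lookup: keep every (timestamp, label) per key, oldest first."""
    table = {}
    for ts, ip, label in sorted(rows):
        table.setdefault(norm(ip), []).append((ts, label))
    return table

def resolve_at(table, ip, event_ts):
    """Label in force at event_ts (assumed semantics), or None if none yet."""
    history = table.get(norm(ip), [])
    idx = bisect_right([ts for ts, _ in history], event_ts)
    return history[idx - 1][1] if idx else None

def enrich(events, rows=ROWS):
    """Attach both lookups' answers to each (timestamp, ip) event."""
    dynamic, ranged = build_dynamic(rows), build_time_range(rows)
    return [
        {"ts": ts, "ip": ip,
         "dynamic": dynamic.get(norm(ip)),
         "time_range": resolve_at(ranged, ip, ts)}
        for ts, ip in events
    ]

if __name__ == "__main__":
    # The event at ts=150 predates the relabel at ts=300.
    for row in enrich([(150, "203.0.113.7"), (350, "203.0.113.7")]):
        print(row)
```

For retrospective investigation, the time range result is the one that reflects what was known about the address when the event occurred.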
For example, lookup tables can be used to enrich a data table containing information about a manufacturing company's robots.
...