I have a CSV lookup made up of two columns. IP address is the key and a customer name is the value. I believe the lookup is working correctly as I can use it to decorate the source field in the search results but I’m wanting to create a new field for customer rather than just decorating the results so I’m using a pipeline for that. But for some reason it only ever returns the default value set in the lookup table.
Below is my pipeline rule.
rule "Customer Lookup"
let c = lookup_value("Customer Lookup", to_string($message.src_addr));
Thanks. I have changed the name of the lookup so that it has no spaces but it is still returning the default value for the lookup table that I specified. The lookup table decoration still works and when I put in a key in the test lookup for the data adapter it returns the correct value which tells me there’s something wrong with the pipeline.
OK I added a debug to the code and it seems as though the $message.src_addr is empty. Is that the right variable to get the source IP address of the message?
Answered my own question. It should be $message.source. It’s working as expected now.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.