Hi all,
I’m miss something obvious here I’m sure.
I’m trying to get a multi variable lookup working from a csv.
I can get single variable working with no issue.
I can then put a larger csv in, the data adapter comes back with all the multiple fields.
But when I build it into a pipeline, so a search in this case for the key which is a IP. It Isn’t filling in the new variables I set for each multi variable that is outputted.
Can one point me at a good example I can follow please?
Check with a test-lookup to your lookup-table how the multi-value looks like. Here how I made a similar pipeline:
Result from test-lookup
{
“single_value”: 13335,
“multi_value”: {
“as_number”: 13335,
“as_organization”: “Cloudflare, Inc.”
},
“string_list_value”: null,
“has_error”: false,
“ttl”: 9223372036854776000
}
Pipeline:
rule “pr_geoip_dst_org”
when
has_field(field : “dst_ip”)
then
let dst_ip_raw = lookup(“geoip-lookup-asn”, to_string($message.“dst_ip”));
set_field(“dst_org”, lowercase(to_string(dst_ip_raw[“as_organization”])));
set_field(“dst_asn”, lowercase(to_string(dst_ip_raw[“as_number”])));
end
Regards,
Remo
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
