The Upload File Action creates a CSV file from the events and uploads the file to LogScale in the repository/view of the action. The CSV file can then be used in the match() function.

Figure 225. Configuring Upload File Action

Whenever the action triggers, the file is overwritten. This means that the action must receive all events necessary to populate the file, and not just the changes since the action was last triggered.

It is recommended to use this action with a search that only returns the fields that are needed as columns in the CSV file. This can, for instance, be achieved by using the select() query function.