Preview And Output Several Lookup Files as Events With readFile()
Preview and output each .csv file as several events using the readFile() function
Query
readFile(["file1.csv", "file2.csv"])Introduction
The readFile() function can be used to preview
content in more CSV Lookup
Files. The advantage of using the readFile()
function instead of the match() function, is that
the lookup will not be matched against data.
In this example, the readFile() function is used to
preview and output several lookup files as events. The files will be
outputted in the order specified in the file parameter. For each file,
the rows will be outputted as events in the order they are in the file.
Example incoming data from file1.csv might look like
this:
| host_name | host_id |
|---|---|
| DESKTOP-VSKPBK8 | 1 |
| FINANCE | 2 |
| homer-xubuntu | 3 |
| logger | 4 |
Example incoming data from file2.csv might look like
this:
| host_name | host_id |
|---|---|
| DESKTOP-1 | 5 |
| DESKTOP-2 | 6 |
| DESKTOP-3 | 7 |
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Augment Data] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
readFile(["file1.csv", "file2.csv"])First outputs all the rows from
file1.csvas events, then outputs all the rows fromfile2.csvas events. The rows maintain their original order.If you aim to preview the content of large files, __ls_shortname recommends always including the
limitparameter to ensure optimal UI performance. For example:readFile([file1.csv, file2.csv], limit=6). Note that the files will be outputted in the specified order, until the limit has been reached. Iffile1.csvhas 4 rows andfile2.csvhas 3 rows, then the query will output all rows offile1.csvand 2 rows offile2.csv.If the files are utilized as data input for further manipulation, the
limitparameter can be omitted. Event Result set.
Summary and Results
The query is used to preview and output content in several CSV Lookup
Files as events. The readFile() function can also
be used to read tables defined with the
defineTable() function.
Sample output from the incoming example data:
| host_id | host_name |
|---|---|
| 1 | DESKTOP-VSKPBK8 |
| 2 | FINANCE |
| 3 | homer-xubuntu |
| 4 | logger |
| 5 | DESKTOP-1 |
| 6 | DESKTOP-2 |
| 7 | DESKTOP-3 |
Sample output from the incoming example data with
limit parameter:
| host_id | host_name |
|---|---|
| 1 | DESKTOP-VSKPBK8 |
| 2 | FINANCE |
| 3 | homer-xubuntu |
| 4 | logger |
| 5 | DESKTOP-1 |
| 6 | DESKTOP-2 |