Enrich Event Text via File
This functionality allows you to attach or replace text from events recorded in a repository when searched. You can do this by creating CSV (comma-separated values) files and uploading them to the repository. These files can be used together with query functions.
Creating a New File
Click Files tab and then click and select .
Specify a name for the file and then select either to create an empty file to populate or to use a template from a previously installed package.
Click to add rows and columns.
Click to save the changes and once saved you can download the file by clicking .
Figure 46. Load CSV File
Editing a data table through the Files interface page can be tedious. If you have many changes to make, you can download the file by clicking the button and then edit it in a spreadsheet program or a simple text editor.
Uploading a File
Click Files tab and then click and select .
Browse for the file to upload and click .
You can upload a CSV file containing text like what you see below, which is essentially a lookup table that you can use for labels or value lookups.
userid,ip,username,region
1,"212.12.31.23","pete","EU"
2,"212.12.31.231","bob","EU"
3,"98.12.31.21","anders","EU"
4,"121.12.31.23","jeff","US"
5,"82.12.31.23","ted","AU"
6,"62.12.31.23","annie","US"
7,"122.12.31.23","joe","CH"
8,"112.11.11.21","alice","CH"
9,"212.112.131.22","admin","RU"
10,"212.12.31.23","wendy","EU"
Once it has been uploaded, it will look like what you see in. You would
use such a data table together with the lookup()
and match() functions to add labels to the results
of a search. Notice that the values are in quotes, except for the ones
for userid, which are integers. See the Lookup API
reference page for more information on this topic.
Once you've uploaded a CSV file, you can edit the data and click to add rows and columns, once you have finished click .