How-To: Create a shorthand process lineage in the field processLineage

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Page was created:8 Mar 2024

If you want to identify the source or trigger of an event but lack the necessary data, you can create a new field and set of values based on other fields in the existing data without having to re-ingest:

logscale

//First set a default value
| default(field=GrandParentBaseFileName, value="Unknown")
//Then create the string using the following format:
| format(format="%s > %s > %s", field=[GrandParentBaseFileName, ParentBaseFileName, FileName], as="processLineage")

Knowledge Base

How-To: Create a shorthand process lineage in the field processLineage

Enter search term