FAQ: How do I use match() to query a lookup table? | Knowledge Base | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Page was created:26 Mar 2024

FAQ: How do I use match() to query a lookup table?

You can use match() and select() to query a lookup table.

Note

The specified lookup table must exist under Files. In this instance, we'll check for common ports and create a new field with their associated protocol.

logscale

#event_simpleName=NetworkListenIP4
| match(file="service-names-port-numbers.csv", field=LocalPort, include=ServiceName, ignoreCase=true, strict=false)
| select([@timestamp, aid, LocalPort, ServiceName, RemoteAddressIP4])

Enter search term