outputlookup
Description
Writes search results to a table (or file).
Syntax
...| outputlookup <lookup-name> [append=<bool>] [key_field=<bool>]
Mandatory Arguments
| Parameter | Syntax | Description |
|---|---|---|
lookup-name | <field> | The name of the predefined lookup. |
Optional Arguments
| Parameter | Syntax | Default | Description |
|---|---|---|---|
append | append=<bool> | false | true — appends existing data; false — ignores existing data. |
key_field | key_field=<boolean> | false | true — appends data matching by _id; false — appends data while ignoring _id. |
Query Examples
Example #1
source radius_logs
| dedup user
| outputlookup test_lookup append=true keyfield=true
Example #2
source radius_logs
| outputlookup my_lookup