inputlookup
Description
Retrieves data from the reference database.
Syntax
... | inputlookup <lookup-name> [max=<int>] [system=<bool>]
Required Arguments
| Parameter | Syntax | Description |
|---|---|---|
lookup-name | <lookup-name> | Name of the predefined lookup. |
Optional Arguments
| Parameter | Syntax | Default | Description |
|---|---|---|---|
max | max=<int> | Integer.MAX (2147483647) | Maximum number of events to fetch. |
system | system=<bool> | false | When set to true, a system lookup is requested; otherwise, a user lookup is performed. |
Example Queries
Example #1
| inputlookup my_lookup system=true
Example #2
| inputlookup my_lookup max=2
Example #3
| inputlookup my_lookup | aggs count(geo_ip) as ip