Hello,

I need to concatenate two variables including strings (e-mail lists) into one.
the code I use for that is the following:

index=mlbso_changelog  sourcetype="*_crashdumps" crash_context OR crash_stack OR crash_shortinfo NOT "table of contents"| reverse
| rex field=source "\/.+_(?P<DBSID>.+)\/(?P<service>.+)\_(?<filenameend>.+)$" 
| eval filename = service."_".filenameend 
| eval PRIO = "P1"
| lookup email_groups.csv DBSID OUTPUT email_recipients_DBSID AS email_recipients_DBSID
| lookup email_groups_critical_alerts.csv "PRIO" OUTPUT email_recipients_critical_alerts AS email_recipients_critical_alerts
| eval email_recipients=email_recipients_critical_alerts+";"+email_recipients_DBSID

So, it all seems to be quite straightforward. However when one of the components is empty (email_recipients_critical_alerts or email_recipients_DBSID) then also the result - email_recipients does not get set. Actually I would expect from the concatenation to set it at least to the other component.
Could you please advise?

Kind Regards,
Kamil