Solved: Re: How to use a Lookup File with Multiple Static ...

chrisschum · ‎03-24-2023

We have a standard configuration for our workstations. Several of the fields are static but some are dynamic (but these have a fixed length).

I want to use a lookup table of all the values and apply automatically to a sourcetype.

But I'm not sure how I would go about matching the fields/values with a Lookup Definition.

The standard is

So a machine may be named LBL1HRSSABC1234 indicating it's a laptop in Building 1 in HR Services that is Shared with an asset tag of ABC1234.

How could I use a lookup with these 4 static and 1 dynamic values to populate said values when a search is done on a particular host name.

I should mention that I'm confortable creating the lookup and applying it, just not how to get it to match on the criteria above.

Thanks in advance!

yuanliu · ‎03-24-2023

This is not a job for lookups. Use regex-based transformation.

"(?<device_type>.)(?<building_code>...)(?<department_code>...)(?<function>.)(?<asset_tag>.{7})"

yuanliu · ‎03-24-2023

This is not a job for lookups. Use regex-based transformation.

"(?<device_type>.)(?<building_code>...)(?<department_code>...)(?<function>.)(?<asset_tag>.{7})"

chrisschum · ‎03-27-2023

That worked like a charm! Thank you!

How to use a Lookup File with Multiple Static or Dynamic Values?