Hi, We maintain a lookup table which contains a list of account_id and some other info as shown below.
| account_id | account_owner | type |
| 12345 | David | prod |
| 123456 | John | non-prod |
| 45678 | Nat | non-prod |
In our query, We use a lookup command to match enrich the data using this lookup table. we match by account_id and get the corresponding owner and type as follows.
| lookup accounts.csv account_id OUTPUT account_owner type
In some events (depending on the source) , the account_id values contains a preceding 0 . But in our lookup table, the account_id column does not have a preceding 0.
Basically some events will have account_id = 12345 and some might have account_id=012345.
They both are same accounts though. Now, The lookup command displays the results when there is an exact exact matching account_id in events, but fails when there is that extra 0 at the beginning.
How to tune the lookup command to make it search the lookup table for both the conditions - with and without preceding 0 for the account_id field and even if one matches, it should produce the corresponding results ?
Hope i am clear. I am unable to come with a regex for this.
