What are the pros and cons to using an external lookup script vs a custom search command when the purpose is simply to augment your results with additional fields based on a given field?
Here is my scenario: I have a field that contains a hexadecimal value that contains several bit-level encoded fields (5 single bit flags, some multi-bit lookups, and a multi-bit value). I've written a python function that will take in the hex field and return a dictionary of new fields, and now I'm wondering which approach is better.
I've tried both approaches and found the following:
eval
, but that may not always work.)[searchscripts/my_lookup.py]
entry, since I don't think you can setup these permissions via the UI yet.)getinfo
does let you do more of this without as many restarts.Please let me know if you have additional thoughts or if you find any mistakes in either of these lists.
Practically speaking, it's a good idea to wrap all of this in a macro, that way if you ever change your mind about which approach to use there are no changes to existing searches. And, if your new approach breaks, you can switch back quickly.
I've tried both approaches and found the following:
eval
, but that may not always work.)[searchscripts/my_lookup.py]
entry, since I don't think you can setup these permissions via the UI yet.)getinfo
does let you do more of this without as many restarts.Please let me know if you have additional thoughts or if you find any mistakes in either of these lists.
Practically speaking, it's a good idea to wrap all of this in a macro, that way if you ever change your mind about which approach to use there are no changes to existing searches. And, if your new approach breaks, you can switch back quickly.