Hey, splunkers!

According to my use case, I need the unicode/chinese character in the kvstore lookup. but seems like its not working as expected.

My configurations are as following:

1. collections.conf
[check_master_lookup]
field.ioc_value = string
field.type = string 

2.  trasnforms.conf

[check_master_lookup]

collection = check_master_lookup

external_type = kvstore

fields_list = ioc_id, type

 

Below  steps I am performing to fillup  the check_master_lookup lookup:

 

1. First I am creating the dummy data in one of the indexes using the following queries:

      |makeresults count=1 |eval ioc_value="\u0001\u0011\u0005\u0012\u001e\r\u001e\u001a\u001c\u0016\r\u0016\b\u001e\u001e\u0004\u0011\u0005\u0011\u0006\u0005\u0016\u001d\u001a\u001c\u0002\u001c\u000b\u000e\u0014\f\u0003" | eval type="unicode" |collect index=temp
    |makeresults count=1 |eval ioc_value="한싹시스템.doc" | eval type="chinese ch" |collect index=temp

 

2. Now fillingup the lookup using following query:
index=temp |table ioc_value,type | outputlookup check_master_lookup

result:

I can't see the ioc_value in the lookup table. Can anyone please help me with this?