Enrich (enrich)
Look up values in a CSV or SQLite database and add matching fields.
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| description | string | | Describe this step. |
| condition | lua-expression (string) | | Only run this action if the specified condition is met. |
| lookup | enrich:lookup | ✅ | CSV file or SQLite file containing enrichment information. |
| dynamic | boolean (bool) | | The lookup file may not exist at job creation time. |
| add | Add | | A field value to add to the event. |
| event-fields | Event Fields | | Add multiple fields to a single event based on a single match, providing a default. |
| match | Match | | Match event values against lookup column values. |
| suppress-warnings | boolean (bool) | | Suppress warnings generated by this action. |
Add Fields
| Field | Type | Required | Description |
|---|---|---|---|
| event-field | string | ✅ | Field name to be added to the event. |
| lookup-field | string | ✅ | Field (CSV header) to look up the data to be placed in event-field. |
| default-value | object | | YAML-formatted default value if the event is empty. |
Match Fields
| Field | Type | Required | Description |
|---|---|---|---|
| type | symbol | ✅ | The type of the match. |
| event-field | string | ✅ | Field containing the value to look up. |
| lookup-field | string | ✅ | Name of the CSV or database field to be compared. |