Putting It All Together (Exact Match)
In this first Lookup implementation, we:
- Configured a default Destination.
- Configured a Source, based on a datagen of `apache_common` logs.
- Captured some sample data to aid our Pipeline design.
- Designed a Pipeline that:
  - Extracts fields using regex.
  - Associates one of those fields with a Lookup table.
  - Uses a correlated field to sample events, based on a value from the Lookup table.
So, to sum up, we used the Lookup Function to transform codes into human-readable values, and we used those values to sample less-relevant data, reducing overall data volume.
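The same three stages (regex extraction, exact-match lookup, lookup-driven sampling) can be sketched outside the product. This is an added example, not code from the original tutorial or from the product it describes. It assumes the looked-up field is the HTTP status code; the table contents, sample rates, field names (`status_desc`, `sampled`) and log lines are all constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed lookup table (assumption): status code -> description and sample rate.
LOOKUP_CSV = """status,description,sample_rate
200,OK,5
404,Not Found,1
500,Internal Server Error,1
"""

# Apache common log format: host ident user [time] "request" status bytes
APACHE_COMMON = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

def load_lookup(text):
    """Index lookup rows by the exact-match key column."""
    return {row["status"]: row for row in csv.DictReader(io.StringIO(text))}

def run_pipeline(lines, lookup):
    """Extract fields, enrich via exact-match lookup, then keep 1 of every N events."""
    seen = defaultdict(int)
    kept = []
    for line in lines:
        m = APACHE_COMMON.match(line)
        if not m:
            kept.append({"_raw": line})  # never sample away what could not be parsed
            continue
        event = m.groupdict()
        row = lookup.get(event["status"])
        # No exact match in the table: keep the event, unenriched and unsampled.
        event["status_desc"] = row["description"] if row else None
        rate = int(row["sample_rate"]) if row else 1
        seen[event["status"]] += 1
        if (seen[event["status"]] - 1) % rate == 0:
            event["sampled"] = rate  # record the rate so counts can be rescaled later
            kept.append(event)
    return kept

# Constructed sample events: ten 200s, two 404s, one status absent from the table.
SAMPLE = (
    ['192.0.2.%d - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326' % i
     for i in range(10)]
    + ['198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 404 153'] * 2
    + ['203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /x HTTP/1.1" 418 0']
)
```

Keeping the sample rate at 1 for error codes and for anything the table does not recognise means volume reduction only touches the routine events, not the ones an investigation is likely to need.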
In our next example, we'll leverage one of the Lookup Function's secret weapons – the ability to use regular expressions (instead of exact matches) to correlate data.