lookupAndReplace
Updates a specified alert field with a static value if any listed alert fields contain a text substring or match against a regular expression.
For example, you can search both the class and description fields for the words "router" or "switch" while also searching for the regular expression representing a network interface: "eth\\d+". In case of a match, you can update the custom_info.key field to the static value of "network." Then you can configure a Cookbook recipe to use the custom_info.key field for clustering.
This function is available for alert and enrichment workflows.
The workflow sweep up filter applies to this function.
Back to Workflow Engine Functions Reference.
Arguments
Workflow Engine function lookupAndReplace takes the following arguments:
Name | Required | Type | Description |
|---|---|---|---|
| Yes | Object | An array of words to look for. |
| Yes | Object | An array of regular expressions to test for. Use JavaScript notation for regular expressions. |
| Yes | Object | An array of alert fields to check. Allows |
| Yes | String | Alert field to update if one of the inFields contains a word from the |
| Yes | String | Static value to set for the |
Example
The following example demonstrates typical use of Workflow Engine function lookupAndReplace. Set the following to search for network related terms in the class or description fields and set the custom_info.key field to "network":
wordList: ["router","switch"]reList: ["eth\\d+","network"]inFields: ["class","description"]alertField: custom_info.servicesvalue: network
The UI translates your settings to the following JSON:
{"wordList":["router","switch"],"reList":["eth\\d+","network"],"inFields":["class","description"],"alertField":"custom_info.key","key":"network"}The following example data matches the lookup criteria:
"class":"network", "description":"Communication link failure."
"class":"", "description":"Router failed."
"class":"", "description":"Interface eth0 down."
For all matching cases, the Workflow Engine updates the custom_info field as follows:
"custom_info": {"key": "network"}The following data does not match the lookup criteria so the custom_info.key field remains unchanged:
"class":"", "description":"Error establishing database connection."