Lookup tables

Lookup tables are extension for parsing rules, which contain lists of extensions. If, for example, protocol number appears in incoming messages, you can define a list of protocol numbers and their text names (e.g. protocol 443 = HTTPS) with this function. Text name is automatically added to the message and saved in the system.

This feature is used with Lookup table search block. This block includes a list of all lookup tables, which can be used to complete information in a message.

If multicolumn lookup is enabled, it will search for first column and return list of values in remaining columns.

Tables list shows all records, defined in the system. Table shows basic information: Name (name of the lookup table), Description (description of the lookup table) and Built in (if the lookup table is integrated in the system).

Filter fields are above the table. Data may be filtered by any single column. In case of using filters above more columns, AND term is applied.

Adding a lookup table

If you need to add a new lookup table, click on the green plus icon in the main table in the upper right corner.

Enter following data into the prepared form:

Name: name of the parsing rule,
Description: description of the parsing rule,
Content: list of values specified in CSV format RFC4180, for each row is one rule in format “original_text;append_text”.

For example:
```
1,ICMP
2,IGMP
3,GGP
4,IPv4
```

Link to RFC format of CSV: https://tools.ietf.org/html/rfc4180

Recommended to use a tool, such as Excel, to generate the CSV format.

Adding of the lookup table is done by clicking on the Create button, canceling of the completed form and returning back to the main table is done by clicking on the Cancel button.

Editing a lookup table

Editing of the lookup table can be started by clicking on the blue pencil icon, which is shown by every row. Integrated lookup tables cannot be edited nor deleted.

Form identical with the form for adding of a new lookup table is now shown.

Change of the lookup table is done by clicking on the save button, canceling of the completed form and return back to the main table is done by clicking on the Cancel button.

Deleting a lookup table

Deletion of a lookup table is done by clicking on the red cross icon, which is shown by every row.

After clicking on the cross a new dialog window delete a lookup table is opened and the name of the lookup table to be deleted is shown for checking. To continue and delete the table, click on the yes button, to cancel, click on the no button.