Default fields and continuing Lookups until succeed

BargiBargi · February 24, 2023, 5:00pm

Hi,

Might be a bit of a strange request but here goes.

“Default Value” use current value
In the case where a Lookup/Reverse DNS/etc can’t find anything it returns undefined, is it possible default to the existing Lookup Field value?
Where a lookup fails to return anything, is there a way to drop through to another lookup and so on until something is returned?

Context here is resolving IP addresses and either replacing and/or adding it to an event. If it can’t resolve it by either lookups or Reverse DNS lookups then simply return the IP.

JonRust · February 24, 2023, 6:12pm

In both cases, you should be able to have a rule after that checks for the field value as a filter. If the field value is null or ‘xyz’ or whatever, then fire off the secondary rule.