EDXLookup

Learn about the EDXLookup Edge Delta OTTL extension function.

  2 minute read  

Minimum Agent Version: v1.22.0

EDXLookup performs safe map lookups with default value fallback. While OTTL provides direct map access using bracket notation (e.g., attributes["key"]), accessing a non-existent key results in a null value that can cause errors in subsequent operations. This Edge Delta extension provides a safe way to look up values in maps with a default value that’s returned when the key doesn’t exist, similar to the get() method with defaults in many programming languages.

Syntax

EDXLookup(map, key, default_value)
  • map: The map to perform the lookup on (typically attributes, resource, or a nested map field).
  • key: The key to look up in the map (can be a field reference or literal string).
  • default_value: The value to return if the key doesn’t exist in the map.

Input

{
  "_type": "log",
  "timestamp": 1735789900000,
  "body": "User event logged",
  "resource": {...},
  "attributes": {
    "status_codes": {
      "200": "OK",
      "404": "Not Found",
      "500": "Internal Server Error"
    },
    "current_status": "200",
    "missing_status": "999",
    "severity_map": {
      "error": "high",
      "warn": "medium",
      "info": "low"
    },
    "log_level": "debug"
  }
}

Example

set(attributes["status_message"], EDXLookup(attributes["status_codes"], attributes["current_status"], "Unknown Status"))
set(attributes["unknown_status_message"], EDXLookup(attributes["status_codes"], attributes["missing_status"], "Unknown Status"))
set(attributes["severity"], EDXLookup(attributes["severity_map"], attributes["log_level"], "low"))
set(attributes["priority"], EDXLookup(attributes["severity_map"], "critical", "unknown"))

Output

{
  "_type": "log",
  "timestamp": 1735789930000,
  "body": "User event logged",
  "resource": {...},
  "attributes": {
    "status_codes": {
      "200": "OK",
      "404": "Not Found",
      "500": "Internal Server Error"
    },
    "current_status": "200",
    "missing_status": "999",
    "severity_map": {
      "error": "high",
      "warn": "medium",
      "info": "low"
    },
    "log_level": "debug",
    "status_message": "OK",
    "unknown_status_message": "Unknown Status",
    "severity": "low",
    "priority": "unknown"
  }
}

The EDXLookup function has safely performed map lookups: found “OK” for status code 200, returned “Unknown Status” for non-existent status code 999, returned “low” default for missing “debug” key in severity map, and returned “unknown” default for missing “critical” key.