QUESTION

How do I create an Inline Filter targeting a field whose name contains dots? For example, I want to an filter on an enrichment field that contains periods in its name: client.ipAddress.

ANSWER

When using Inline Filters with fields that contain dots in their names, you can escape the field name using double quotation marks. This tells the system to treat the dotted field name as a single entity rather than a path separator.

For example, to filter an enrichment field with a dotted name like client.ipAddress, use the following syntax:

KeyPath: p_enrichment.ipinfo_asn."client.ipAddress"