Support for matching in-line query results against a table or list that includes key/value pairs

[jimishs]

Is your feature request related to a problem? Please describe.

Im trying to do a real time search against a (static/dynamic) table of values (sometimes referred to as a lookup table). I need to run a query that shows only those results where the IP addresses in the log/document, matches one of the values in the lookup table.

Describe the solution you'd like

This feature can have broad applicability - Imagine you want to monitor the activity of all users who are leaving for another team or company, or imagine if you are investigating intruder activity into specific list of executive accounts. The examples are many as this is a very useful feature that can also be used by other plugins to filter out the data they process. Since the lookup table can change dynamically, the same query can yield different results if its rerun at a different time.

We should support to execute a query against a pre-created or inline lookup table that can contain multiple fields to use as filter criteria for the query.

Describe alternatives you've considered

We also dont support providing a comma separated list of values as a filter criteria within dashboards.

[joshuarrrr]

@jimishs It sounds like your particular pain point has to do with the limitations of current filter definitions, where it's impractical to create a filter that is essentially an allowlist of many different values. And secondarily, it would be even better if the filter could be dynamic, rather than just a static list.

Did I understand the basic problem correctly?

[joshuarrrr]

Note that the request for comma-separated multiple values should be straightforward and is captured in https://github.com/opensearch-project/oui/issues/661