Thanks @aholzer and @somesoni2 for your quick reply. Join indeed is the command that I have to use. However, I'm still having a problem with my query. When I'm doing the join, the matching between both searches is not 100% accurate, as there are some false positives included in the result of the query. For instance:
Source type 1 (dns)
Domaingood1
Domaingood2
Domaingood3
Maliciousdomain1
Maliciousdomain2
Domaingood3
Source type 2 (maldomains)
Maliciousdomain1
Maliciousdomain2
Maliciousdomain3
Result of the query
Maliciousdomain1 --> OK
Maliciousdomain2 --> OK
Domaingood3 --> False positive
In order to debug this error, I have split the left side (the search to obtain the domains resolved by the DNS) and right side (the malicious domains) of the join in a different search and saved the results in two different files (csv files). So, I have one csv with the domains resolved by the DNS and another csv with the malicious domains. After that, I did the join of both csv files in order to verify whether the result is the same:
| inputlookup dns.csv | join value [| inputlookup feesII.csv | fields value]
The output of this query is 100% correct and shows the results desired without false positives. So, I don't understand why the first query is showing false positives.
Does anybody have an idea?
Thank you in advance,
Cheers