We have threat logs from a firewall. That log contains a signature, which is captured under the signature field. My requirement here is to whitelist 3 fields (signature, source and destination) simultaneously. What I am currently doing is creating a lookup table that has 3 columns (signature, source and destination) and their respective values.
I am using the below query; however, it doesn't work:
index= firewall NOT[|inputlookup whitelist.csv | fields signature,source,destination]
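Whitelisting on signature, source and destination simultaneously, as the post requires, means an event is excluded only when all three values match the same lookup row. The following is an added example, not part of the original post: a Python model rather than Splunk code, with constructed sample values and hypothetical function names. It contrasts that row-wise match with an over-broad per-field match that would hide an event no row covers.

```python
import csv
import io

FIELDS = ("signature", "source", "destination")

# Constructed stand-in for whitelist.csv (sample values, not from the post).
WHITELIST_CSV = """signature,source,destination
SSH Brute Force,10.0.0.5,10.0.1.20
DNS Tunneling,10.0.0.9,10.0.2.53
"""

# Constructed firewall threat events.
EVENTS = [
    {"signature": "SSH Brute Force", "source": "10.0.0.5", "destination": "10.0.1.20"},
    {"signature": "SSH Brute Force", "source": "10.0.0.9", "destination": "10.0.2.53"},
    {"signature": "DNS Tunneling", "source": "10.0.0.9", "destination": "10.0.2.53"},
    {"signature": "SQL Injection", "source": "10.0.0.5", "destination": "10.0.1.20"},
]

def load_rows(text):
    """Parse the lookup into a set of (signature, source, destination) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [f for f in FIELDS if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"lookup is missing columns: {missing}")
    # Whitespace trimming is this example's own normalisation (an assumption).
    return {tuple(row[f].strip() for f in FIELDS) for row in reader}

def filter_rowwise(events, rows):
    """Drop an event only when all three fields match the SAME lookup row."""
    return [e for e in events if tuple(e[f].strip() for f in FIELDS) not in rows]

def filter_per_field(events, rows):
    """Over-broad variant: each field is checked against its column independently."""
    cols = [{r[i] for r in rows} for i in range(len(FIELDS))]
    return [e for e in events
            if not all(e[f].strip() in cols[i] for i, f in enumerate(FIELDS))]

def wrongly_suppressed(events, rows):
    """Events the per-field variant hides although no lookup row matches them."""
    kept = filter_per_field(events, rows)
    return [e for e in filter_rowwise(events, rows) if e not in kept]

if __name__ == "__main__":
    rows = load_rows(WHITELIST_CSV)
    for e in filter_rowwise(EVENTS, rows):
        print("alert:", e)
    for e in wrongly_suppressed(EVENTS, rows):
        print("hidden by per-field filter:", e)
```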