I have a list of malicious websites, which I would like to upload in SPLUNK and monitor if any users are trying to access malicious sites.
Can you please help me with that?
Assuming you are monitoring the sites your users visit, just create a lookup file with your malicious sites then craft an alert that compares the visited sites to the lookup. Trigger the alert when there are results.
Why did you accept the answer if your problem is not resolved?
When you create a lookup (Settings->Lookups->Lookup table files, New Lookup Table File) you will be given the opportunity to upload a file from your computer. Once you do that and click Save the lookup is created.
To create an alert you must first create a search for events that will trigger the alert. Use your knowledge of your data to do that. Include the lookup table as a list of sites for filtering the events.
<your search for site visits> [ | inputlookup malicious_sites.csv | field site | format ]
When you get the desired results, save the search (click Save As) as an alert. The triggering condition (you'll see it in the form) is "number of results" "is greater than" 0.