I have very little experience with Splunk and need your help with my search.
I have a lookup with a list of malicious domains and URLs. I need to be alerted if an accessed URL contains any of the domains or URLs in the lookup.
My search below isn't working!
|search [inputlookup domains.csv | fields url ]
Maybe this will match only when the URL is the same as in the list. Please help!
Also, we have data models related to 'networktraffic' and 'paloalto'... But I don't know how to use them 😞
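The search in the question passes the lookup's `url` values into a subsearch unchanged, so Splunk expands it to `url="exact-value" OR url="exact-value"` and only full matches fire. The following is an added example, not from the original post: it wraps each lookup value in wildcards inside the subsearch so the generated terms become substring matches. The index name `proxy`, the sourcetype `pan:traffic`, and the event field names `url`, `src_ip` and `user` are assumptions; substitute whatever your proxy or firewall events actually use. Only `domains.csv` and its `url` column come from the question.

```spl
index=proxy sourcetype="pan:traffic" url=*
| search [
    | inputlookup domains.csv
    | eval url="*" . url . "*"
    | fields url
  ]
| table _time src_ip user url
```

The `eval` inside the subsearch turns a lookup row such as `evil.example` into the search term `url="*evil.example*"`, and the outer `search` ORs all of those terms together, so any URL that contains a listed domain or URL fragment matches. Two caveats to check before turning this into an alert: the wildcard terms are case-insensitive but otherwise literal, so a lookup entry like `example.com` will also match `notexample.com` (prefix the value with `//` or `.` in the CSV if that matters), and a subsearch returns at most 10,000 rows by default, so a very large indicator list needs a lookup definition with wildcard matching instead of a subsearch.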