I have enabled a notable in ESapp, which triggers if it finds any ip available from localip_intel.csv.
Now I got a notable for one IP address, which I don't want it present in that list.
when I start searching, that IP is not available in localipintel.csv.
but i can see a foot print in "ESApp"-->"Threat Artifacts"--> "network" dashboard with source path "/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/lookups/localip_intel.csv"
What might be causing, this false alert from ES_app where IP is not available in source csv file.