Not sure how that comment relates to the original question (which was about dynamic IP addresses), but I see a few options to deal with getting multiple matches from your lookup:
Haha sorry for the confusing questions. Thanks for the answer anyway I will try it out now!
This is the sample dataset I have for my lookup`
I am trying to use the lookup dataset to output the siem_severity field. The commands are as shown below
However, as you can see there are events with two output-ed "severity_level". I want an events to only display one level of severity
Hi LeeZeeYuen,
just give us a bit more description so we are able to help you.
Maybe some screenshots or example events.
Thanks!
This is the dataset that I am currently using
link text
I need to use the dataset for lookup to output the field "siem_severity". The command used are shown below
link text
However, using this command will cause certain events to have two "severity_level" value
link text
I need to find a solution to only display one "severity_level" value.