I'm currently trying to compare the value of a field with a csv table.
I want to compare the destination port (dst_port) with the values of pwhitelist.csv and display the ports that are not included in the csv data.
For example: the csv file consists of the ports 80, 8080, 443 and 8000 want to display all dst_ports that are not 80, 8080, 443 or 8000.
Doesn't work. It just lists all ports.
In the file there are just a few ports. At the moments it's just for testing.
In the file is only one column with the header "Ports".
The values 80,443,8000,8080 are in that column.
I edited my answer, please try the new version. If dst_port isn't the field name in your index, then change it to the field name you have for the ports in your indexed data.