Hi, I am new at Splunk and I'm following the lab in Enriching Data with Lookups, where I'm requested to exclude a value using the Flter Lookup. I have a Lookup definition based on knonwusers.csv In the video it doesn't explain or show any example for this specific field. I have tried the following: user NOT (root OR mail OR apache) user <> (root OR mail OR apache) |inputlookup knownusers.csv |eval user NOT (root OR mail OR apache) And nothing is working. Could you please tell me what am I doing wrong?
... View more