Hello!
I'm currently trying to compare the value of a field with a csv table.
I want to compare the destination port (dst_port) with the values of pwhitelist.csv and display the ports that are not included in the csv data.
For example: the csv file consists of the ports 80, 8080, 443 and 8000 want to display all dst_ports that are not 80, 8080, 443 or 8000.
Thanks
yourBaseSearch NOT [|inputlookup pwhitelist.csv | fields Ports | rename Ports AS dst_port | format]
yourBaseSearch NOT [|inputlookup pwhitelist.csv | fields Ports | rename Ports AS dst_port | format]
Hey!
Doesn't work. It just lists all ports.
In the file there are just a few ports. At the moments it's just for testing.
pwhitelist.csv:
In the file is only one column with the header "Ports".
The values 80,443,8000,8080 are in that column.
I edited my answer, please try the new version. If dst_port isn't the field name in your index, then change it to the field name you have for the ports in your indexed data.
thanks so much ! it worked