I have downloaded the ASA app and am unable to get auto lookups to work. They work if I add local=t to the search time command:
```index=1000_proxy sourcetype="bluecoat:proxysg:customclient" user=seanity src_ip="10.5.29.17" | lookup local=t asn ip AS dest_ip OUTPUTNEW autonomous_system AS org |table org```
This is a standalone search head not distributed. What am I missing here?
↧