Hello,
I have a lookup file called fs_src_mac_tg.csv
has two columns:
src_mac and exists
src_mac = a list of mac addresses
exists = yes
search:
index=myindex | stats count by src_mac signature | lookup fs_src_mac_tg.csv src_mac OUTPUT exists | fillnull value="no" exists | search exists="no"
what I'm looking to get is if a mac in the lookup file has not been seen in my search, report that src_mac
Thanks in advance for the help.
↧