I have created a lookup table for the blocked dns/url. I want to see if there are anywhere in my logs or in my environment. May you help with a query. For example if I have example.net on my lookup table what query can I use that returns all logs with example.net?
Hi @waJesu
you should give us some sample logs and the lookup table few lines sample.. then only SPL can be created easily.