Dataset of IPs to query against Index

I have a data set of around 40k IP addresses that are known bad IPs. I am wanting to query that data set against an index in my stack. When I query the data I wanna bring back any specific username that has had a successful login from one of the IPs listed in the data set.

Have you considered doing this at index time using the enrich processor?

@spinscale, thank you for the information. While this is good information for moving forward, it however does not help me with data that is already indexed. That is the issue I am currently running into. The IPs are in a txt file and not an index in my stack currently.

Thanks again,

This is not quite true, as you could run an update-by-query with a special pipeline that is doing the enrichment.

However, you indeed need to find a mechanism to index those IP addresses.
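The steps described in the replies above (index the IP list, enrich through a pipeline, re-process existing documents with update-by-query), as an added example that is not part of the original posts. It builds the Elasticsearch request bodies offline from the text file's contents. The index, policy and pipeline names and the ECS-style fields `source.ip`, `event.outcome` and `user.name` are assumptions, not values from the thread.

```python
import ipaddress
import json

# Assumed names: index, policy, pipeline and ECS-style fields are not from the thread.
LIST_INDEX, POLICY, PIPELINE, LOGINS = "bad-ips", "bad-ip-policy", "flag-bad-ip", "logins-*"

def parse_ip_list(text):
    """Unique, normalised IPs from a one-per-line list; malformed lines are dropped."""
    seen = {}
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            seen.setdefault(str(ipaddress.ip_address(entry)), None)
        except ValueError:
            continue  # one bad line must not abort a 40k-entry load
    return list(seen)

def bulk_body(ips):
    """NDJSON for POST /_bulk; the IP doubles as _id so reloading is idempotent."""
    rows = []
    for ip in ips:
        rows.append(json.dumps({"index": {"_index": LIST_INDEX, "_id": ip}}))
        rows.append(json.dumps({"ip": ip, "listed": True}))
    return "\n".join(rows) + "\n"

def plan(ips):
    """Ordered (method, path, body) requests: load list, build policy, re-process old docs."""
    mapping = {"mappings": {"properties": {"ip": {"type": "keyword"}}}}
    policy = {"match": {"indices": LIST_INDEX, "match_field": "ip", "enrich_fields": ["listed"]}}
    pipeline = {"processors": [{"enrich": {"policy_name": POLICY, "field": "source.ip",
                                           "target_field": "bad_ip", "ignore_missing": True}}]}
    successes = {"query": {"term": {"event.outcome": "success"}}}
    users = {"size": 0, "query": {"exists": {"field": "bad_ip"}},
             "aggs": {"users": {"terms": {"field": "user.name", "size": 1000}}}}
    return [
        ("PUT", f"/{LIST_INDEX}", mapping),
        ("POST", "/_bulk", bulk_body(ips)),
        ("PUT", f"/_enrich/policy/{POLICY}", policy),
        ("POST", f"/_enrich/policy/{POLICY}/_execute", None),
        ("PUT", f"/_ingest/pipeline/{PIPELINE}", pipeline),
        ("POST", f"/{LOGINS}/_update_by_query?pipeline={PIPELINE}", successes),
        ("POST", f"/{LOGINS}/_search", users),
    ]

# Constructed sample list (documentation-range addresses), not data from the thread.
SAMPLE = "203.0.113.7\n198.51.100.23  # note\nnot-an-ip\n203.0.113.7\n2001:DB8::1\n"
```

The `match` policy compares exact values, so the addresses in the login documents must be written in the same form as the normalised list entries; this matters mainly for IPv6.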
