I have an index which captures logs from various security devices at the perimeter. I want to check for possible connections from/to blacklisted IPs.
I have an index which has the logs of the device and another index which contains blacklisted IPs (updated daily).
How do I filter device logs for connections to the blacklisted IP addresses?
I'm a newbie to the ELK stack. Can you please help me out with this?
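One way to express the cross-index match described above is an Elasticsearch terms lookup query, which pulls the list of IPs from a single document in the blacklist index at query time. The example below is added here and is not part of the original post; it assumes a log index with `source.ip` / `destination.ip` fields and a blacklist index holding one document (id `current`) with an `ips` array, and applies the same matching logic offline to constructed sample documents.

```python
import ipaddress

# Constructed assumptions (not from the original post): the blacklist index
# keeps ONE document whose "ips" field is an array. A terms lookup fetches a
# single document by id, so the daily update must rewrite that document
# rather than add one document per IP.
BLACKLIST_INDEX = "blacklist"
BLACKLIST_DOC_ID = "current"
BLACKLIST_FIELD = "ips"
LOG_IP_FIELDS = ("source.ip", "destination.ip")

# Constructed sample data using documentation ranges; event 3 uses an
# uppercase, uncompressed IPv6 form and event 4 carries a malformed value.
SAMPLE_BLACKLIST = {"ips": ["203.0.113.7", "198.51.100.23", "2001:db8::1"]}
SAMPLE_LOGS = [
    {"event.id": "1", "source.ip": "203.0.113.7", "destination.ip": "10.0.0.5"},
    {"event.id": "2", "source.ip": "10.0.0.8", "destination.ip": "192.0.2.44"},
    {"event.id": "3", "source.ip": "10.0.0.9", "destination.ip": "2001:DB8:0:0:0:0:0:1"},
    {"event.id": "4", "source.ip": "10.0.0.10", "destination.ip": "not-an-ip"},
]


def terms_lookup_query(fields=LOG_IP_FIELDS):
    """Query body matching a log if ANY of the IP fields is in the blacklist
    document: one terms lookup per field, OR-ed with a bool/should clause."""
    lookups = [
        {"terms": {f: {"index": BLACKLIST_INDEX, "id": BLACKLIST_DOC_ID,
                       "path": BLACKLIST_FIELD}}}
        for f in fields
    ]
    return {"query": {"bool": {"should": lookups, "minimum_should_match": 1}}}


def _parse_ip(value):
    """Normalise an address string; return None for malformed values so a
    bad log field is skipped instead of aborting the whole check."""
    try:
        return ipaddress.ip_address(value)
    except (ValueError, TypeError):
        return None


def matches_offline(log_docs, blacklist_doc, fields=LOG_IP_FIELDS):
    """Apply the same semantics locally (no cluster needed) and return the
    log documents that touch a blacklisted address in any of the fields."""
    bad = {ip for ip in map(_parse_ip, blacklist_doc.get(BLACKLIST_FIELD, [])) if ip}
    return [doc for doc in log_docs
            if any(_parse_ip(doc.get(f)) in bad for f in fields)]


if __name__ == "__main__":
    import json
    print(json.dumps(terms_lookup_query(), indent=2))
    for hit in matches_offline(SAMPLE_LOGS, SAMPLE_BLACKLIST):
        print("blacklist hit:", hit)
```

The query body can be sent as-is to the log index's `_search` endpoint; the offline function exists only to show which documents such a query would return for the sample data.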