I have tried using join to detect the common field from lookup but i need not find the fields that are not present using data model query.
|inputlookup Denied_traffic.csv | join type=inner All_Traffic.src[| tstats `summariesonly` dc(All_Traffic.src) as src from datamodel=Network_Traffic where All_Traffic.src_zone=outside All_Traffic.app!=incomplete All_Traffic.action=dropped OR All_Traffic.action=blocked by All_Traffic.src]
↧