Forum Discussion
Watchlist search all tables for IP
Hi, I have a watchlist with 50 IP address. I would need help to search the IPs in all tables regardless of the column in my L.A.W Please help me with the KQL Query
try this let tables = search * | where TimeGenerated >= ago(2s); watchlist_IP | where ipAddress in (tables)
there are some issues with watchlist_IP can you check
let tables = search *
| where TimeGenerated >= ago(2s);
watchlist_IP
| where ipAddress in (tables)
let tables = search *
| where TimeGenerated >= ago(2s);
watchlist_IP
| where ipAddress in (tables)