The ability to import a watchlist from a file is included in 9.3.2. Note that watchlists cannot currently contain multiple values. However, you may be able to use enrichment to accomplish something similar.
I guess I'm confused on how I can accomplish my goal then.
How would I monitor all incoming logs for a list of string values that are dynamically generated and hosted remotely?
UPDATE: I think I understand your response. You are saying that I can only have 1 column of data in a watchlist? So in my example, just the first column (ip address) ? I thought you were saying a single value period. Which is not a list.
Yes, watchlists are exactly that: lists. Agreed: a single-value list would have very limited value
If you are on 9.3.2 build previous to what was just released this morning it is not going to work like you want it to, please upgrade to the 9.3.2 HF1 via your grant number at the download site