Suricata Logs on Splunk

Hey Guys,
Need some help to understand Suricata logs. I’ve read some of the documentation, and I almost understand the format of the logs.
I’m trying to analyze some logs with Splunk.
In the sample data I’m using, I can identify 5 alerts on the specific ransomware, but of those 5 alerts, all with severity 1, how do I separate the false positives from the real one?

Hope someone can help me.
Thank you