Suricata Logs on Splunk

Hey Guys,
Need some help to understand Suricata logs. I’ve read some of the documentation, and I almost understand the format of the logs.
I’m trying to analyze some logs with Splunk.
In the sample data I’m using I can identify 5 alerts on the specific ransomware, but from those 5 alerts, all with severity 1, how do I separate the false positives from the real ones?

Hope anyone can help me
Thank you

Hard to tell without more details on your setup. You could leverage Splunk features to filter stuff that you don’t want to see or based on the metadata of rules like the severity.
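As an added illustration of the reply's point (this is example code, not the poster's data or anything from the Suricata or Splunk projects): Suricata's EVE JSON output logs alerts and protocol records (http, tls, dns, ...) as separate lines that share a `flow_id`. Severity alone cannot split five severity-1 hits, so the script below groups severity-1 alerts by signature and, for each group, counts how many distinct internal sources fired it and whether the same flow also produced a protocol record that describes what the traffic actually was. One signature firing on one host whose flow has a matching HTTP POST is a very different case from one signature firing from several workstations toward one internal file server with no other context. The sample EVE lines, the signature ids 9000001-9000003 and the hostnames are constructed; the same grouping is what you would express in Splunk with `stats` over `alert.signature_id` joined on `flow_id`.

```python
import json
from collections import defaultdict

# Constructed EVE JSON sample (not from the original post): five severity-1 alerts from
# two made-up signatures, one severity-2 alert, a malformed line, and one http record that
# shares flow_id 1 with the first alert.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"EXAMPLE Ransomware CnC Checkin","severity":1,"category":"Malware Command and Control Activity Detected"}}',
    '{"timestamp":"2024-01-01T10:00:00.100000+0000","flow_id":1,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","http":{"hostname":"c2.example.invalid","url":"/beacon","http_method":"POST"}}',
    '{"timestamp":"2024-01-01T10:05:00.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.11","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"EXAMPLE Ransomware CnC Checkin","severity":1,"category":"Malware Command and Control Activity Detected"}}',
    '{"timestamp":"2024-01-01T11:00:00.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","dest_port":445,"proto":"TCP","alert":{"signature_id":9000002,"signature":"EXAMPLE Ransomware Filename Pattern","severity":1,"category":"A Network Trojan was detected"}}',
    '{"timestamp":"2024-01-01T11:01:00.000000+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.0.8","dest_ip":"10.0.0.1","dest_port":445,"proto":"TCP","alert":{"signature_id":9000002,"signature":"EXAMPLE Ransomware Filename Pattern","severity":1,"category":"A Network Trojan was detected"}}',
    '{"timestamp":"2024-01-01T11:02:00.000000+0000","flow_id":5,"event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dest_port":445,"proto":"TCP","alert":{"signature_id":9000002,"signature":"EXAMPLE Ransomware Filename Pattern","severity":1,"category":"A Network Trojan was detected"}}',
    '{"timestamp":"2024-01-01T11:03:00.000000+0000","flow_id":6,"event_type":"alert","src_ip":"10.0.0.9","dest_ip":"198.51.100.4","dest_port":53,"proto":"UDP","alert":{"signature_id":9000003,"signature":"EXAMPLE Suspicious DNS Query","severity":2,"category":"Potentially Bad Traffic"}}',
    'this line is not JSON and should be skipped',
]


def parse_eve(lines):
    """Parse EVE JSON lines into dicts, skipping blank or malformed lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "event_type" in obj:
            events.append(obj)
    return events


def triage_alerts(events, max_severity=1):
    """Group alerts with severity <= max_severity (1 is Suricata's highest) by signature_id.

    Each group records how many times the rule fired, the distinct source and destination
    IPs, and how many of the alerting flows also have non-alert protocol records
    (http, tls, dns, ...) that corroborate what the traffic was.
    """
    # Protocol records keyed by flow_id; these are the context an analyst checks first.
    context_by_flow = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "alert" and "flow_id" in ev:
            context_by_flow[ev["flow_id"]].add(ev["event_type"])

    groups = {}
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        if alert.get("severity", 99) > max_severity:
            continue
        sid = alert.get("signature_id")
        g = groups.setdefault(sid, {
            "signature": alert.get("signature"),
            "count": 0,
            "src_ips": set(),
            "dest_ips": set(),
            "flows_with_context": 0,
            "context_types": set(),
        })
        g["count"] += 1
        g["src_ips"].add(ev.get("src_ip"))
        g["dest_ips"].add(ev.get("dest_ip"))
        ctx = context_by_flow.get(ev.get("flow_id"), set())
        if ctx:
            g["flows_with_context"] += 1
            g["context_types"] |= ctx
    return groups


def summarize(groups):
    """Return one row per signature, corroborated signatures first, then by hit count."""
    rows = []
    for sid, g in groups.items():
        rows.append({
            "signature_id": sid,
            "signature": g["signature"],
            "count": g["count"],
            "distinct_sources": len(g["src_ips"]),
            "distinct_destinations": len(g["dest_ips"]),
            "flows_with_context": g["flows_with_context"],
            "context_types": sorted(g["context_types"]),
        })
    rows.sort(key=lambda r: (-r["flows_with_context"], -r["count"]))
    return rows


if __name__ == "__main__":
    for row in summarize(triage_alerts(parse_eve(SAMPLE_EVE_LINES))):
        print(row)
```

On the sample, signature 9000001 fires twice from one host and one of its flows carries an HTTP POST to an unusual hostname, so it goes to the top of the review list; signature 9000002 fires three times from three different workstations toward the same internal server with no protocol context, which is the pattern of a rule matching ordinary file-share traffic and is the first candidate to tune or suppress after checking the matched content. Point the script at a real `eve.json` by replacing `SAMPLE_EVE_LINES` with the file's lines.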