Ah, got it. Thanks much!

My initial answer had an append=t because I normally append lookups to search results. Try this: |inputlookup c2_zeus.csv | inputlookup DNS_DOMAINS_malware.csv append=t

The c2_zeus.csv is the first. Then I have append=t after that and the second csv. My example above is exactly like how your query was stated originally. It just doesn't let you put a subsequent inputlookup command after the initial one.

You have them backwards. Swap the two. For each inputlookup after the first, you need "append=t"

|inputlookup c2_zeus.csv append=t| inputlookup DNS_Domains_malware.csv

can you post your search that is failing?

I do. It is because inputlookup is stated after the append. I can run the | inputlookup file1.csv just fine. It is the subsequent csvs I can't seem to also pull up.

make sure you have a | at the front of your search, and that it is the first command in the search.

I receive this error:

Error in 'inputlookup' command: This command must be the first command of a search.