I have an XML file that looks like this. It is one event with a break before "<COMBINE>"

<COMBINE>

<DATE>12152013</DATE>

<AGENCY><![CDATA[Department of the Housewares]]></AGENCY>

<OFFICE><![CDATA[ Housewaress Central ]]></OFFICE>

<LOCATION><![CDATA[405 5th st.]]></LOCATION>

<ZIP>29318</ZIP>

<CLASSCOD>Y</CLASSCOD>

<NAICS>109ha74</NAICS>

<OFFADD><![CDATA[]]></OFFADD>

<SUBJECT><![CDATA[Replace Appliances]]></SUBJECT>

<SOLNBR><![CDATA[SAC-73816327]]></SOLNBR>

<RESPDATE>12272013</RESPDATE>

<CONTACT><![CDATA[Ken Mattern, Procurement Manager, Phone 9925-8125]]></CONTACT>

<DESC1><![CDATA[PROJECT TITLE: Replace appliances that have been damaged by flood]]></DESC1>

<LINK><![CDATA[]]></LINK>

<SETASIDE>N/A</SETASIDE>

<POPCOUNTRY><![CDATA[US]]></POPCOUNTRY>

<POPADDRESS><![CDATA[Local Mall]]></POPADDRESS>

<RECOVERY_ACT>N</RECOVERY_ACT>

<DOCUMENT_PACKAGES><PACKAGE><![CDATA[XYZZY]]></PACKAGE>

</DOCUMENT_PACKAGES>

</COMBINE>

I'm searching it like this to find all records that contain "Mall"

index="xyz" sourcetype="xyzcombine" Mall
| spath output=Date path=COMBINE.DATE
| spath output=Solicitation path=COMBINE.SOLNBR
| spath output=Subject path=COMBINE.SUBJECT
| spath output=Location path=COMBINE.POPADDRESS
| spath output=Zip path=COMBINE.POPZIP
| spath output=Set-Aside path=COMBINE.SETASIDE
| eval Date= strptime(Date,"%m%d%Y") 
| convert timeformat="%Y-%m-%d"  ctime(Date) AS Date
| table Date, Solicitation, Location, Subject, Set-Aside
| sort Date desc

The search works just fine. However, the word "Mall" can appear anywhere in the record. What I really need to do is to be able to search for "Mall" in the Location or POPADDRESS field. I can't figure out how to do this. I have tried this

index="xyz" sourcetype="xyzcombine" Location*Mall*

With no ressults. I've tried sub searches, WHERE functions and anything else I can think of. It looks to me like fields containing character data, "[CDATA[]]" just don't parse properly.

Any idea of how I can search the specific field?