I have been searching for how to do this for the longest time and it's rather frustrating that I can't seem to find a simple explanation anywhere.

I have a search setup and a CSV file that lists a bunch of "blacklist" items that I do not want included in the results I have tried just about everything with regards to the CSV and I have seen no progress. It got to the point that I have now been trying to append the CSV and then just search the value within the appended column but there doesn't seem to be a way to search a CONTAINS within a different column.

Here is what I want to do:

I have a table that looks like this

Name    Teams   Removed Team    TeamDels
Bob Team A  Yes           TeamA
Bob Team B  No            TeamE
Jane    Team C  No            TeamF
Jane    Team D  No            TeamG
Jane    Team E  Yes           TeamH

What I am currently thinking I am going to have to do is append the CSV (TeamDels column) and then somehow do a search if Teams contains a value in TeamDels but I can't do this?

Removed Team would be calculated by looking at the Team value (Team A, Team B etc.) and seeing if it is in the blacklist. If it is in the black list is says Yes.

I do not care how to go about doing this, I can even remove the Removed Team column if there was a way to filter out the teams based on the contents of the CSV file but there doesn't seem to be a way.

It should be noted that the "Teams" are multivalue to start so I have to split them.

DeletedTeamList.csv contains 1 column with the header TeamDels

Here is my current search:

index=teams action=* 
| append [inputlookup DeletedTeamList.csv] 
| table Name,Teams,Removed_Team
| mvexpand Teams 
| eval Removed_Team=If(Teams!=TeamDels,"No","Yes")

If I typo'd anything on here please ignore as these aren't the real fields or anything.