Hello Splunkers,
I am successfully searching two indexes from two separate .csv files. Both indexes contain a 'similar' set of hostnames. I am searching index A for a particular list of hostnames that I would like to reference so that I can exclude any matching hostnames from index B. Anything with the field where Purpose2 has the word 'farm' in it needs to be excluded from both lists.
I will eventually be joining the hostnames lists between indexes as one single master list but I need to exclude the list from Index A from both.

Here is the search that identifies the list of hostnames from index A:

index=asset_db source="/var/asset_database/fullpull.csv" "Reporting Status"=Reporting "High Level Status"=Production "System Name"=* "Purpose2"=*Farm* | rename "System Name" AS hostname

search for index B which successfully returns a list of hostnames:

index=test_assets source="C:\\Splunk Test Assets\\AD-LDAP export.csv" earliest=-90d@d latest=-0d@d CN=* | rename CN as hostname

How do I get index B search to "see" and exclude the search from index A?

Thank you very much for any assistance.