
Inputlookup and Index rename returning null results

willadams
Contributor

I have an index called "adusers". This index pulls in all information about enabled user accounts. For the purposes of this post the value I am interested in is "SamAccountName", so that I am then able to table information about "Surname, GivenName". So when I look at my index I can see

SamAccountName = USER123
Surname = Bloggs
GivenName = Joe

If I do a search on my index I get the data

index=adusers name=user123 | table name, Surname, GivenName

I also have an inputlookup file that I would like to reference. The inputlookup file is a csv (the lookup is called vip) that looks as follows:

username

user123
user456
userabc
user987

If I do the following search I get data

|inputlookup vip

What I am trying to do is to search on my index using the inputlookup but I am not getting any results (time is set to "All time"). So if I do the following search

index=adusers [|inputlookup vip] ==> no results
index=adusers [|inputlookup vip | rename SamAccountName as username] ==> no results
index=adusers [|inputlookup vip | rename username as SameAccountName] ==> no results
index=adusers [|inputlookup vip | rename SamAccountName as username | fields username] ==> no results
index=adusers [|inputlookup vip | rename username as SamAccountName | fields SamAccountName] ==> no results

I have this query working on a different dashboard but as the fields are the same in both the index and lookup I don't have this problem. I am trying to rename a field (either on the index or the lookup) so that I am able to search the information. What I am trying to generate is:

If a user exists in the inputlookup file (vip), look in the index (adusers) for that user and then from that index (adusers) get data (whatever) to generate a dashboard from it.

Where am I going wrong?


mayurr98
Super Champion

Hey, the query below should work.

index=adusers [|inputlookup vip | rename username as SamAccountName | fields SamAccountName] 

If it does not, then follow the checklist below:

1) Does the SamAccountName field exist in index=adusers?
2) Do the username field values match the values (case-insensitive) in SamAccountName?

Let me know if this helps!

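As an added example (not part of either post above), the two checklist items in the answer can be turned into searches that show where a subsearch like this breaks. Field names in Splunk are case-sensitive, while field values in a search term are matched case-insensitively by default, so the useful diagnostics are to look at what the subsearch actually expands to, to confirm the field name exists in the index, and to list which lookup values are found. The last search is an alternative that avoids the subsearch entirely; it assumes a lookup definition named vip exists (inputlookup accepts a bare file name, the lookup command needs a definition) and lower-cases the event value first, because CSV lookups match case-sensitively unless case_sensitive_match=false is set in transforms.conf.

```spl
| inputlookup vip
| rename username AS SamAccountName
| fields SamAccountName
| format

index=adusers
| stats count AS events, count(SamAccountName) AS events_with_SamAccountName

| inputlookup vip
| eval username=lower(username)
| join type=left username
    [ search index=adusers
      | eval username=lower(SamAccountName)
      | stats count AS found BY username ]
| fillnull found value=0

index=adusers
| eval sam_lower=lower(SamAccountName)
| lookup vip username AS sam_lower OUTPUT username AS vip_match
| where isnotnull(vip_match)
| table SamAccountName, Surname, GivenName
```

The first search prints the single search string the subsearch is rewritten into, which should read as a chain of SamAccountName="user123" OR SamAccountName="user456" terms; if the field name in that string is not spelled exactly as it appears in the index, the outer search can only return nothing. The second search returns zero in events_with_SamAccountName when the field is absent or extracted under a different name. The third search lists every lookup row with a found count, so a row with found=0 points at a value mismatch rather than a field-name problem. The fourth search produces the same result set as the working subsearch form and scales better when the lookup grows beyond the subsearch result limits.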