So what I'm trying trying to achieve is searching a field for contained in a CSV file, not an exact match. I can do this with single word using
| eval catch=if(match(field123,"contain-word"),"matches","other") | search catch=matches
but wondering if there's some way of using inputlookups or if anyone can recommend another way to search a field containing with a input file. This is what I have tried.
| eval catch=if(match(field123,"[| inputlookup input-file]"),"matches","other") | search catch=matches
Try this logic...
...base search [|inputlookup xyz.csv|eval Catch = if(match(field1,"matching term"),"match","other")|where Catch = "match"|fields Field_i_need_from_lookup]
So basically, you are applying the match function on lookup first and retrieving needed field where Catch = Match and passing it to the parent search.
Hope this helps.