Hi,

Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch as "like" condition in main search, something like:

To examples:
1) 

. . main search| where like(onerowevent, "%".[search [| inputlookup blabla.csv| <whatever_condition_to_make_onecompare_field>|table onecompare }]."%"]])

2)

. . main search| eval  onerowevent=if(like(onerowevent,, "%".[search [| inputlookup blabla.csv| <whatever_condition_to_make_onecompare_field>|table onecompare }]."%"]])),onerowevent,"")