I need to lookup the IP in a firewall log to a field in an inputcsv. The CSV file holds 50k results, so subsearches are limited. It's been recommended not to increase the subsearch event limit in limits.conf. I've thought about doing the lookup using a relational database, but I would like to do this in the Splunk environment if possible. Does anyone have any suggestions?