Check the job inspector, it should tell you what the subsearch returned. See if that search string makes sense or not.

I managed to have a copy of the lookup within the app and my user profile, which caused the issue. Thank you for your help though.

No, unfortunately not. No it just says there are no result after it has searched through them all. I know there is data it should fire on, it is really frustrating me.

I have checked permission on the index/lookup/role/NTFS, removed and re-added the lookup and lookup definition, can see entries being searched from the lookup file.

Don't know what I am doing or is going wrong?

So... it's working fine now?

Does your data have a uri field extracted? If not, extract that field and you'll be good.

I changed the field within the lookup file from uri to url, and there is already a field extract within the Bloxx source for url.

Check the job inspector for what's being returned by the subsearch and see if that makes sense for your data. It should look something like this:

((uri="...") OR (uri="...") ...)

Then make sure your data actually has a field called uri with such values.

Yes I can see that, and they show items from the correct field in the lookup file.

If I run the command within job manually, I have to remove the uri= for it to work, how do I do this automatically?

Many thanks for the response.

I am trying the command but it is not returning any results, I have confirmed the time period and that URL that has been accessed is in the lookuptable.

I think some kind of wildcard may be needed?