Running Splunk Enterprise 7.3
I am using a text input box to get a list of values from the user to exclude from my search.
For example, in my search the user will supply in the text box the following string: smithJA, JohnsonXL, and I will then remove any entries from my results where the field Account_Name matches either of those names.
I can make this work where it returns values for only those names, but I cannot do the opposite, where I remove events from the results where the name matches any of the listed names.
Here is the XML that I am working with (it only returns events where Account_Name matches any of the values given):
<form>
<label>asdf</label>
<fieldset submitButton="false"></fieldset>
<row>
<panel>
<input type="text" token="txt_ignore_usernames" searchWhenChanged="true">
<label>field2</label>
</input>
<input type="time" token="time_1" searchWhenChanged="true">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<table>
<title>Logons</title>
<search>
<query>index=MyIndexName
| search Account_Name IN ($txt_ignore_usernames$)
| table _time host name Account_Name</query>
<earliest>$time_1.earliest$</earliest>
<latest>$time_1.latest$</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
I tried modifying the search as follows with no luck:
index=MyIndexName
| search NOT [search Account_Name IN ($txt_ignore_usernames$)]
| table _time host name Account_Name
Anyone have any ideas?
Thanks
@noahdietrich,
Please try this search.
index=MyIndexName
| search NOT Account_Name IN ($txt_ignore_usernames$)
| table _time host name Account_Name
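To make the difference between the two searches concrete, here is an added Python model (not code from the original thread or from Splunk) of what the `IN (...)` include filter and the `NOT ... IN (...)` exclude filter do to a result set. It assumes the token arrives as the comma-separated string the question describes ("smithJA, JohnsonXL"), and it assumes case-insensitive value matching, which is how the Splunk `search` command compares field values; the event records are constructed sample data.

```python
"""Model of the include vs. exclude Account_Name filters from the thread.

This does not talk to Splunk; it reproduces the set logic of
    | search Account_Name IN ($txt_ignore_usernames$)          (include)
    | search NOT Account_Name IN ($txt_ignore_usernames$)      (exclude)
over an in-memory list of events so the two behaviours can be compared.
"""

from typing import Dict, List, Set

# Constructed sample events standing in for index=MyIndexName results.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"_time": "2019-10-01T08:00:00", "host": "ws01", "name": "Logon", "Account_Name": "smithJA"},
    {"_time": "2019-10-01T08:05:00", "host": "ws02", "name": "Logon", "Account_Name": "JohnsonXL"},
    {"_time": "2019-10-01T08:07:00", "host": "ws03", "name": "Logon", "Account_Name": "doeJR"},
    {"_time": "2019-10-01T08:09:00", "host": "dc01", "name": "Logon", "Account_Name": "svc_backup"},
    {"_time": "2019-10-01T08:11:00", "host": "ws01", "name": "Logon", "Account_Name": "SMITHJA"},
]


def parse_name_token(raw_token: str) -> Set[str]:
    """Turn the dashboard text-box value into a set of names.

    Splits on commas, trims whitespace around each entry, drops empty
    entries (e.g. a trailing comma) and lower-cases for case-insensitive
    comparison (assumption: Splunk's search command compares values
    case-insensitively).
    """
    return {part.strip().lower() for part in raw_token.split(",") if part.strip()}


def include_accounts(events: List[Dict[str, str]], raw_token: str) -> List[Dict[str, str]]:
    """Equivalent of `search Account_Name IN (...)`: keep only listed names."""
    names = parse_name_token(raw_token)
    return [e for e in events if e.get("Account_Name", "").lower() in names]


def exclude_accounts(events: List[Dict[str, str]], raw_token: str) -> List[Dict[str, str]]:
    """Equivalent of `search NOT Account_Name IN (...)`: drop listed names.

    An empty token excludes nothing, so the full result set comes back.
    """
    names = parse_name_token(raw_token)
    return [e for e in events if e.get("Account_Name", "").lower() not in names]


def account_names(events: List[Dict[str, str]]) -> List[str]:
    """Project the Account_Name column, like the trailing `| table` command."""
    return [e["Account_Name"] for e in events]


if __name__ == "__main__":
    token = "smithJA, JohnsonXL"
    print("include:", account_names(include_accounts(SAMPLE_EVENTS, token)))
    print("exclude:", account_names(exclude_accounts(SAMPLE_EVENTS, token)))
```

Running the block prints the three names kept by the original include search and the two names left after the accepted exclude search; the two result sets are complements of each other over the same events, which is exactly what swapping `IN` for `NOT ... IN` achieves.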