Hi,
I currently have a simple query that returns a table of data. Let's say...
1) index=test source=test_log groupId="1234" nameSearch="true" | table firstName middleName lastName
firstName middleName lastName
A B C
D E F
G H I
J K L
I would like to add a new column, address, that isn't in the same Splunk line as nameSearch but is within the same index. Let's go with...
2) index=test source=test_log addressSearch="true" | table fullName address
fullName address
ABC 1
DEF 2
GHI 3
To get the data for the address column for each row, I would pass information from the first search to the second one. fullName is a combination of firstName, middleName, and lastName (so eval fullName=firstName.middleName.lastName). Would I generate a search for each result of the 1st search? If the first search returned 10000 results, would it be in my best interest to shoot off another 10000 searches for each address data?
What should my approach look like? Is there an easy way to send fullName from the first search to the second and then just add the address column to the end of the table? I'm not sure what command(s) to look into.
I would like the final result to look like this:
firstName middleName lastName address
A B C 1
D E F 2
G H I 3
J K L
Pointers would be great.
I imagined something like:
index=test source=test_log groupId="1234" nameSearch="true" | eval fullName=firstName.middleName.lastName | search [index=test source=test_log fullName="?evalFullName?" addressSearch="true" | table address] | table firstName middleName lastName address
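One way to produce that table in a single pass, added here as an example and not part of the original post: pull both event types in one base search, derive the same fullName key on both sides, and let stats fold the rows together by that key; it assumes the field names used above (firstName, middleName, lastName, fullName, address) and that fullName in the address events is the plain concatenation with no separator. The second query is the join form of the same idea, shown for comparison.

```spl
index=test source=test_log (groupId="1234" nameSearch="true") OR addressSearch="true"
| eval fullName=coalesce(fullName, firstName.middleName.lastName)
| stats values(firstName) as firstName values(middleName) as middleName values(lastName) as lastName values(address) as address by fullName
| where isnotnull(firstName)
| table firstName middleName lastName address

index=test source=test_log groupId="1234" nameSearch="true"
| eval fullName=firstName.middleName.lastName
| join type=left fullName [search index=test source=test_log addressSearch="true" | table fullName address]
| table firstName middleName lastName address
```

The stats form keeps rows such as J K L with an empty address and is not bound by the subsearch result limits that a join or a per-row subsearch runs into at the 10,000-result scale you describe; the where clause drops identities that only appear in address events.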