@to4kawa This worked perfectly. I just wanted to do some modifications in it. So the above search gives us the result of the logs that didnt get updated in last 15min. So lets say the result is as follows source host _time A P B Q C R D . S E . T But i know that a particular servers are down and not working and i'm sure the log paths wouldn't get updated. say 1) A P D S So i wanted to eliminate these in the final alert i get. So i tried using set diff command .. |set diff [first search] [input lookup test.csv] test.csv would have details of 1) I wanted final result as source host _time B Q C R E . T But it doesn't work.Instead it gives me trash values. let me know what went wrong and what should be done. ... View more

Thanks a lot @to4kawa . It worked. ... View more