Hi All,
We run searches against logs that return, as part of the dataset, IP addresses.
We basically want to know what network and VLAN a given address belongs to so I created a CSV file that contains the following:
network vlan name
10.1.1.0/24 12 Server Network
10.1.2.0/24 13 Printer Network
So I'd like to pull in the CSV data and perform a cidrmatch against it using each IP address the search comes across.
If there is no match I want the fields to just return "No Data" so we can then go and update the CSV with anything missing.
As a test I've done the following:
| inputlookup Network_VLAN_Names.csv | fields network vlan name | where NOT isnull(network)
| eval dest_ip="10.1.1.21"
| foreach network [eval subnet=if(cidrmatch('<<FIELD>>', dest_ip), <<FIELD>>, "No Match")]
| search subnet!="No Match"
| table _time dest_ip vlan name
| sort _time asc
The first issue is that if there is no match, the row isn't returned at all (I just want particular fields in a row of returned data to reflect the VLAN and friendly name of the network, if available in the CSV, not for the row to be unavailable).
Also when I've tried using:
<base search>
| append [ inputlookup Network_VLAN_Names.csv | fields network vlan name | where NOT isnull(network) ]
| foreach network [eval subnet=if(cidrmatch('<<FIELD>>', dest_ip), <<FIELD>>, "No Match")]
| search subnet!="No Match"
| table _time dest_ip vlan name
| sort _time asc
I get nothing back...
There's probably a simple solution to this but I'm not seeing it!
Any help would be much appreciated.
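Added example, not from the original post: the usual way to enrich events with a subnet lookup is to let the lookup itself do the CIDR matching rather than iterating over the CSV rows with foreach (the append approach puts the CSV rows beside the events as separate results, so the event rows never carry a network field to compare against). This assumes the CSV has been uploaded as a lookup table file with a comma-separated header of network,vlan,name and that a lookup definition named network_vlan_names (an assumed name) has been created for it with the match type set to CIDR on the network column, i.e. a transforms.conf stanza of [network_vlan_names] with filename = Network_VLAN_Names.csv and match_type = CIDR(network). The base search and the dest_ip field name are taken from the post.

```spl
<base search>
| lookup network_vlan_names network AS dest_ip OUTPUT vlan name
| fillnull value="No Data" vlan name
| table _time dest_ip vlan name
| sort 0 _time

<base search>
| lookup network_vlan_names network AS dest_ip OUTPUT vlan name
| where isnull(vlan)
| stats count AS hits, min(_time) AS first_seen, max(_time) AS last_seen BY dest_ip
| sort - hits
```

The first search keeps every event: lookup only adds vlan and name where dest_ip falls inside one of the CIDR blocks, and fillnull writes "No Data" into the two fields on every row that got no match, so the rows are not dropped. The second search is the maintenance view: it lists the addresses that matched nothing in the CSV, with how often and when they were seen, which is the list to work through when updating the CSV. If the CSV contains overlapping blocks, the lookup definition's "Maximum matches" setting decides how many rows come back per address, and the most specific block is not guaranteed to win, so keep the networks non-overlapping.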