Hi, I am trying to produce a macro with an event summary that would contain both the field name and field value and a single field my query is as follows:   | makeresults | eval time="2020-10-05 05:44:27" | eval file="Generic.exe" | eval signature="Generic" | eval Event_Summary="" | foreach time file signature [ eval Event_Summary=Event_Summary."|"."<<FIELD>>".": ".'<<FIELD>>'] | eval Event_Summary=split(Event_Summary,"|")   how do i make the macro such that the arguments i throw in, will become the fields in the foreach statement? The macro i have tried to create is :   | eval Event_Summary="" | foreach $fields$ [ eval Event_Summary=Event_Summary."|"."<<FIELD>>".": ".'<<FIELD>>'] | eval Event_Summary=split(Event_Summary,"|")   Hoping to achieve the below:   | makeresults | eval time="2020-10-05 05:44:27" | eval file="Generic.exe" | eval signature="Generic" | eval fields="time file signature" `Summarize(fields)` |table Event_Summary   But i can't figure out how to change the argument string to fields Edit: one more condition is that i would want the macro to be flexible in being able to take in any number of fields and not just a fixed number of 3 fields/arguments.   ... View more