I'm trying to exclude specific src_ip addresses from the results of a firewall query (example below). The query completes, however the src_ip addresses are not excluded and the following error is returned: [subsearch]: The lookup table 'dns_serves.csv' requires a .csv or KV store lookup definition.
Example:
index=firewall | search NOT [|inputlookup dns_serves.csv | fields src_ip] | table src_ip dest_ip signature
When running |inputlookup dns_servers.csv by itself, the contents of the lookup are returned, so I know the lookup is good. I've checked the lookup permissions, the CSV encoding, and searched forum threads for a solution.