Hello, so I have been working on this for a few days, looking at numerous Splunk responses, but have yet to find something that works for my situation. I have a large inventory of servers that I search through and currently use a general IN query in my searches, but some queries have over 20 or so servers to search through and I want to simplify it. I am currently using something like this, which works but can be exceedingly large depending on what servers I need to look up:
index=myindex hosts IN (server1,server2,server3) <mysearchquery>
So I had a bright idea of creating a lookup table to group the servers together. The lookup table:
group,server
group1,server1
group1,server2
group1,server3
group2,server4
group2,server5
I can get the desired list of servers by doing the following:
|inputlookup lookuptable.csv | search group=group1 | fields server
This would return:
server1
server2
but applying it to my search has proved a lot more difficult. I think I was close with this one but have not quite figured it out yet:
index=myindex <Search> [ |inputlookup lookuptable.csv | search group=group1 | fields server ]
Any suggestions would be greatly appreciated, or a link to similar posts for me to review.
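An added example, not part of the original post, showing how the lookup-driven subsearch above can be wired into the main search. It assumes the indexed field is Splunk's standard host field (the post writes it as hosts) and that lookuptable.csv has the group,server columns shown; a subsearch is expanded into an OR of fieldname=value pairs, so the subsearch's output field has to carry the name of the field the outer search filters on.

```spl
index=myindex <mysearchquery>
    [ | inputlookup lookuptable.csv
      | search group=group1
      | fields server
      | rename server AS host ]

| inputlookup lookuptable.csv
| search group=group1
| fields server
| rename server AS host
| format
```

The second pipeline, run on its own, prints the expanded filter the subsearch hands back (here ( ( host="server1" ) OR ( host="server2" ) OR ( host="server3" ) )), which is a quick way to confirm the field name matches before trusting the outer search.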