Hello,
I've been searching the internet for quite a while but can't find any approach.
I have a primary search that looks for IP networks in a CSV based on various parameters, such as location (inputlookup), and then creates a CIDR including the bit length of the subnet mask.
Based on this search, I want to search for IPs in a second table.
In principle, I have already implemented this in an (initially poor) solution by using a token that I pass from one search to the other and then use a CIDRMATCH there. This works fine as long as I only have a one-to-one search result in the first search.
Now I have the problem that the first search returns multiple results (e.g. multiple subnets at one location) and I want to search for matching IPs in the second CSV for all found subnets.
This is what the first search (already defined as base search) looks like:
<search id="base">
  <query>
    | inputlookup list_of_subnet_sand_sites
    | search City="*" Street="*" NetIP="10.5.*.*"
    | rename NetMask AS mask
    | lookup ip_mask_prefix.csv mask OUTPUT prefix
    | rename mask AS NetMask
    | eval CIDRNet_mv = mvappend(NetIP , "/", prefix)
    | eval CIDRNet = mvjoin(CIDRNet_mv, "")
  </query>
  <done>
    <set token="CIDR_tok">$result.CIDRNet$</set>
  </done>
</search>
The first search displays perhaps 25 different IP subnets.
And the second search is (currently I don't make use of the BS, but I want to):
<search>
  <query>
    | inputlookup list_of_devices
    | where cidrmatch("$CIDR_tok$", devIP)
    | sort devIP
  </query>
</search>
I already tried something with subsearches, lookups, append and appendpipe. Thank you all.
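One way to match devices against every subnet the first search returns, as an added example that is not part of the original post: the subnet query runs as a subsearch, and `format` turns its rows into `devIP="<CIDR>"` terms joined with OR, which the `search` command evaluates as CIDR matches. It reuses the lookup and field names from the post, replaces the token with the subsearch, and shortens the rename/lookup/rename steps to a single `lookup ... AS` clause.

```spl
| inputlookup list_of_devices
| search
    [| inputlookup list_of_subnet_sand_sites
     | search City="*" Street="*" NetIP="10.5.*.*"
     | lookup ip_mask_prefix.csv mask AS NetMask OUTPUT prefix
     | eval devIP = NetIP . "/" . prefix
     | fields devIP
     | format ]
| sort devIP
```

A token set from `$result.CIDRNet$` carries only the first result row, which is why the token approach covers a single subnet.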