Hello!
I have sourtsetype that contains multiple source. Into sourcetype permanently add new source. I need to search in the earliest source. For extract most earliest source I use this search request:

sourcetype="MySourceType" source=* NOT [ | inputlookup usedfiles.csv|fields source]| stats dc(source) by source | sort 1 by source | fields - dc(source) | outputlookup append=true usedfiles.csv

This search successfully return of earliest source name. How I can make search into this source? This search request is not working:

sourcetype="MySourceType" source=* NOT [ | inputlookup usedfiles.csv|fields source]| stats dc(source) by source | sort 1 by source | fields - dc(source) | outputlookup append=true usedfiles.csv | search Field="value"