Hi, I have a CSV file that I would like to use to filter search results with an inputlookup command, but I would also like to include in the returned events a comment field that is part of that same CSV.

Here is an example of my table as stuff.csv:

| src | user | comment |
| --- | --- | --- |
| 192.168.1.1 | | This matches with the IP only |
| | john | This matches with the user only |
| 192.168.1.2 | bobby | This matches with both IP and user |

I would like to do something like this:

```
index=main [|inputlookup stuff.csv | fields - comment]
| lookup stuff.csv src,user
```

The main problem here is that the inputlookup subsearch only returns values that have entries, which effectively acts as a wildcard if the field is empty, while the lookup command treats empty fields as literal blank values. In this example, assuming all events in my index have values for src and user, only matches with the 3rd row would ever return results from the lookup command.

The desired behavior is, for example:

1. Event contains src=192.168.1.1 and any username - The comment on row 1 is appended
2. Event contains user=John and any src - The comment on row 2 is appended
3. Event contains src=192.168.1.2 and user=Bobby - The comment on row 3 is appended

From the snippet above the following behavior is observed:

- Example 1 - No comment is appended (Undesired)
- Example 2 - No comment is appended (Undesired)
- Example 3 - Comment from row 3 is appended as desired

Can I somehow append the comment that associates with the matched row back to the events?
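An added example, not part of the original post and not Splunk code: a small Python model of the two matching behaviours the question describes (subsearch filter versus lookup) next to the behaviour it asks for. The sample events, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
# Constructed copy of the post's stuff.csv; "" stands for an empty cell.
ROWS = [
    {"src": "192.168.1.1", "user": "", "comment": "This matches with the IP only"},
    {"src": "", "user": "john", "comment": "This matches with the user only"},
    {"src": "192.168.1.2", "user": "bobby", "comment": "This matches with both IP and user"},
]
KEYS = ("src", "user")

# Constructed sample events: the post's three examples plus one non-matching event.
EVENTS = [
    {"src": "192.168.1.1", "user": "alice"},
    {"src": "10.0.0.5", "user": "John"},
    {"src": "192.168.1.2", "user": "Bobby"},
    {"src": "10.0.0.9", "user": "carol"},
]

def same(a, b):
    # Assumption: values compare case-insensitively, as the post's examples imply.
    return a.casefold() == b.casefold()

def subsearch_filter(event, rows=ROWS):
    """Filter behaviour: each row is an AND of its non-empty cells, rows are ORed,
    so an empty cell puts no constraint on the event."""
    return any(all(same(event[k], r[k]) for k in KEYS if r[k]) for r in rows)

def exact_lookup(event, rows=ROWS):
    """Lookup behaviour as the post describes it: an empty cell is a literal
    blank that must equal the event's value, so half-empty rows never match."""
    for r in rows:
        if all(same(event[k], r[k]) for k in KEYS):
            return r["comment"]
    return None

def wildcard_lookup(event, rows=ROWS):
    """Requested behaviour: an empty cell matches any value; every matching
    row's comment is returned (an event can match more than one row)."""
    return [r["comment"] for r in rows
            if all(same(event[k], r[k]) for k in KEYS if r[k])]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev, subsearch_filter(ev), exact_lookup(ev), wildcard_lookup(ev))
```

The first two events pass the filter but get no comment from the exact lookup, which is the gap the question is about.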