Hi,
I'm trying to search recursively, but it would be nice to avoid duplicate searches.
Concrete example:
Provided search outputs logs, which contain phone numbers.
For each of those phone numbers, search by phone number to find logs with email addresses.
For each of those email addresses, search by email address to find logs with IP info.
Output table with people's phone number, email address, and IP information.
Current Implementation:
PART 1 - Using A to find B to find C, then displaying C by B:
search3 [search2 [search1 | fields A | rename A as query] | fields B | rename B as query] | stats values(field C) by B
*Note that I got lucky with B being re-identified by field discovery in search 3.
PART 2 - Using A to find B to find X, then displaying X by B:
search3 [search2 [search1 | fields A | rename A as query] | fields B | rename B as query] | stats values(field X) by B
PART 3 - Redoing A to find B, to display A by B:
search2 [ search1 | fields A | rename A as query] | stats values(field B) by field A
PART 4 - Joining them all on the common field B and outputting a table.
Output Table: A B C X
But this requires doing search1 3x and search2 2x. Is there a way to save results in the process? As this needs to be done on real-time results, I can't just save a subsearch for lookup later. Also, if I save more fields than just the one renamed as "query," nothing is returned.
Any better ideas? Thanks so much!
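Added illustration (not part of the question above, and not Splunk code): the phone -> email -> IP pivot chain the post describes, run over a small set of constructed log events in Python. Each stage is executed exactly once and its results are kept in memory, then the three result sets are joined on the common field B (email) to build the A B C X table. Field names (phone, email, ip, user_agent), sourcetype labels search1..search3 and all sample values are assumptions made up for the example; the search execution counter exists only to show that no search is repeated.

```python
from collections import defaultdict

# Constructed sample events (assumption: not from any real log source).
# search1 yields phone numbers (A); search2 maps phone -> email (B);
# search3 maps email -> ip (C) and user_agent (X).
LOGS = [
    {"sourcetype": "search1", "phone": "555-0100"},
    {"sourcetype": "search1", "phone": "555-0101"},
    {"sourcetype": "search1", "phone": "555-0100"},  # duplicate A value
    {"sourcetype": "search2", "phone": "555-0100", "email": "alice@example.com"},
    {"sourcetype": "search2", "phone": "555-0101", "email": "bob@example.com"},
    {"sourcetype": "search2", "phone": "555-0199", "email": "eve@example.com"},  # not in A
    {"sourcetype": "search3", "email": "alice@example.com", "ip": "203.0.113.5", "user_agent": "curl/8.0"},
    {"sourcetype": "search3", "email": "alice@example.com", "ip": "203.0.113.9", "user_agent": "Mozilla/5.0"},
    {"sourcetype": "search3", "email": "bob@example.com", "ip": "198.51.100.7", "user_agent": "curl/8.0"},
    {"sourcetype": "search3", "email": "carol@example.com", "ip": "198.51.100.9", "user_agent": "wget/1.21"},
]


def run_search(logs, sourcetype, counter, field=None, values=None):
    """One 'search': select events of a sourcetype, optionally restricted to
    events whose `field` is in `values` (the equivalent of a subsearch feeding
    a list of query terms). Increments a counter so repeats are visible."""
    counter[sourcetype] += 1
    hits = []
    for event in logs:
        if event.get("sourcetype") != sourcetype:
            continue
        if field is not None and event.get(field) not in values:
            continue
        hits.append(event)
    return hits


def pivot_chain(logs):
    """Run search1 -> search2 -> search3 once each, keeping intermediate
    results, and return (table keyed by B, per-search execution counts)."""
    counter = defaultdict(int)

    # Stage 1: A values (phone numbers). A set removes duplicate query terms.
    stage1 = run_search(logs, "search1", counter)
    a_values = {ev["phone"] for ev in stage1}

    # Stage 2: A -> B, filtered by the A values found above.
    stage2 = run_search(logs, "search2", counter, "phone", a_values)
    b_values = {ev["email"] for ev in stage2}

    # Stage 3: B -> C and X, filtered by the B values found above.
    stage3 = run_search(logs, "search3", counter, "email", b_values)

    # Join on the common field B (stats values(...) by B, done in memory).
    a_by_b = defaultdict(set)
    for ev in stage2:
        a_by_b[ev["email"]].add(ev["phone"])
    c_by_b, x_by_b = defaultdict(set), defaultdict(set)
    for ev in stage3:
        c_by_b[ev["email"]].add(ev["ip"])
        x_by_b[ev["email"]].add(ev["user_agent"])

    table = [
        {"A": sorted(a_by_b[b]), "B": b, "C": sorted(c_by_b[b]), "X": sorted(x_by_b[b])}
        for b in sorted(b_values)
    ]
    return table, dict(counter)


if __name__ == "__main__":
    rows, counts = pivot_chain(LOGS)
    for row in rows:
        print(row)
    print("searches executed:", counts)
```

Deduplicating the query terms between stages (the sets above) is what keeps the downstream searches from re-running for the same phone number or email address, and keeping each stage's result set in memory is what avoids re-executing search1 and search2 for every later pivot.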