what is the most efficient way to achieve this.
I run search #1 that populates the lookup table file with data.
Then search #2 will search for values a specific field in the lookup table and only reports events that are NOT a match for anything already in the lookup table.
Finally I append the results of the second search to the same lookup table. So in the end my lookup file will now have 1 list of unique entries combined from 2 different searches.
Is that possible? Otherwise , what would be the most efficient way?