I see... the most intuitive way would be to either use join:

search for requests | do some extracting to get a field called MessageID | join MessageID [search for responses | do some extracting to get a field called MessageID]

or to use transaction:

search for requests OR responses | do some extracting on each to get a field called MessageID in both types of events | transaction MessageID

Depending on your reporting after that, you may also be able to use stats instead of transaction like this:

 search for requests OR responses | do some extracting on each to get a field called MessageID in both types of events | stats some(reporting) as stuff by MessageID