I downvoted this post because downvoting because this answer is no longer correct

Hi @nick405060

As @somesoni2 mentioned, if an answer is no longer currently applicable because there are new capabilities in more recent versions of the product that address it, commenting with links to latest supporting documentation will be more constructive. Or, if you answer the question with an updated solution of your own and commenting to check out your answer works great too.

Downvoting on Answers should be reserved for proposed solutions that are completely against known best practices, or ones that could be potentially harmful to a user's Splunk environment. More on voting etiquette on Answers can be found here.

Thanks for all the answers and help you have been contributing to the community.

I mean, I agree, you should not downvote an answer that works for some versions but not for others.

However, in this case the answer was not "here's an answer that works for version X" or "you can't do this in version X and below" (in which case downvoting would have been incorrect) but the answer was "there is not a solution to this problem (and here's a tangentially related workaround)", which is now wholly incorrect no matter what logical framework you use. And yes tangentially, the question literally says "multiple base searches" in the title.

I think downvoting solutions that say "sorry, you can't solve this problem" when they are no longer correct is extremely helpful to the community. It's not a slight to the person who posted it (isn't this how all internet forums work? a downvote isn't necessarily a personal slight? it's for the accuracy of communal knowledge?). Otherwise people like me see the answer, assume it's accurate, and stop exploring avenues to fixing the problem because they've been told they can't fix it. Since downvoting doesn't actually remove the answer, the net positive of downvoting is more robust communal knowledge, and the net positive of not downvoting is, well, zero.

Honestly, SA downvoting is so ridiculously policed and also inconsistent with the entire internet. I cannot believe I got hit for this. Just trying to contribute to the community. Why don't you just remove the capability if you don't want people to use it...? I think Splunk would be better suited to, instead of taking the money I pay and using it to police my downvoting, to use that money to fix issues, e.g. the fact that Splunk is a billion-dollar company that cannot put BUTTONS (or single-value checkboxes, mostly) on its SimpleXML dashboards. Or, you know, adding a non-loadjob multiple base search capability.

@nick405060, Instead of downvoting, a better action would be to post an answer that works for current version and mention that current accepted answer was only suitable for so and so Splunk versions. The answer is not incorrect. What you do with your loadjob version is basically the same what this answer suggests (appending multiple searches to each other to form one combined base search). The loadjob method also requies that you save all your different base searches as a saved search.

It became a real mess, but it works. Let's hope multiple base's is supported in the future 🙂

Agreed. I need to do the same thing and the whole appending your base searches into one by hand is messy af. I would think supporting multiple base searches is not hard... literally behind the scenes the capability would similarly just be appending the base searches same but with the result of much more readable code. Ugh.