Hi ,
Below are the two queries for which I am trying to join the output of the both queries but I am facing an issue as Search Factory: Unknown search command 'index'.
First query
index=apache* sourcetype=access_log
host=xyz OR host=abc | timechart
span=10m count as requests_per_minute
Second query
index=apache* sourcetype=web_logs
host=cde OR host=wxy | table BClog
When I tried the both append and join it is not working .
index=apache* sourcetype=access_log
host=xyz OR host=abc | timechart
span=10m count as requests_per_minute
| join [ index=apache*
sourcetype=web_logs host=cde OR
host=wxy | table BClog ]index=apache* sourcetype=access_log
host=xyz OR host=abc | timechart
span=10m count as requests_per_minute
| append [ index=apache*
sourcetype=web_logs host=cde OR
host=wxy | table BClog ]
@kteng2024, add search
in the subquery and try.
index=apache* sourcetype=access_log
host=xyz OR host=abc | timechart
span=10m count as requests_per_minute
| append [ search index=apache*
sourcetype=web_logs host=cde OR
host=wxy | table BClog ]