Splunk Search

How to make this transaction work and find values from one result set that might be related to the other?

MonkeyK

I am trying to correlate two resultsets.

One is a straight search of apache logs.
The other is a table that took a long time to run (several days).

I wanted to know if the web logs are likely related to the results in the table, which I define by them happening around the same time. So I tried using the transaction command with a dummy common value.

|searchA | eval dummy="true", from="searchA" 
| append [|loadjob sid=job2 | eval dummy="true", from="searchB"] 
| transaction dummy maxspan=3s

And this does create a resultset of transactions, but it ignored the appended loadjob. I think this was because that job's results were a table, not events. So I tried turning it into events

|loadjob sid=job2 
| eval dummy="true", from="searchB" 
| eval _raw=_time." ".col1." ".col2

And then used that for the transaction

|searchA | eval dummy="true", from="searchA" 
| append [|loadjob sid=job2 | eval dummy="true", from="searchB" | eval _raw=_time." ".col1." ".col2] 
| transaction dummy maxspan=3s

But this creates distinct transactions for each "from" value even though I only defined the transaction field on "dummy".

Does anyone have a suggestion on how I can correlate these two result sets on time?
My ultimate goal will be to finish the query with

|search from="searchA" from="searchB"

So I can find values from one result set that might be related to the other.
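
An added example, not part of the original post: one way to hand `transaction` a single time-ordered stream. `append` places the subsearch rows after the main results, and `transaction` expects its input in descending time order, so the combined set is re-sorted on `_time` first. It assumes the rows loaded from the job carry a usable `_time`; `searchA` and `job2` are the poster's placeholders.

```spl
| searchA
| eval dummy="true", from="searchA"
| append
    [| loadjob sid=job2
     | eval dummy="true", from="searchB"
     | eval _raw=_time." ".col1." ".col2]
| sort 0 - _time
| transaction dummy maxspan=3s
| search from="searchA" from="searchB"
```

`sort 0` lifts the default 10,000-row limit of `sort`, which matters when the web-log side is large.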
