Hi,

I have a customer scenario where I receive complete machine events from parent component to deepest child component.
For example first entire computer data arrives and later sub component of computer events and then sub-sub component and so on

To address this I have created data model tree
so first grand parent has query in datamodel as index=myindex
later next level parent has child query in datamodel as componentType=cmpType
later next level child has query in datamodel as componentType=subCmpType
and so on

so if I ideally query datamodel for grandparent, I should see all component and sub component data including n level in the tree

and that is what I see when I use PIVOT command as below

| pivot grandparentDatamodel parentdatamodel latest(_time) AS "latest_time" SPLITROW parentdatamodelattribute.attribute as attributeName SPLITROW parentdatamodelattribute.attribute2 as attributeName2 SORT 100 parentdatamodelattribute.attribute ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 | fields - latest_time

but when I use below tstats command to access any child of parentdatamodel or child datamodel like below, I get "No results found"

| tstats prestats=t latest(parentdatamodelattribute.attribute ) AS attributeName from datamodel=grandparentDatamodel | table grandparentDatamodel..parentdatamodel.parentdatamodelattribute.attribute2

am I making any mistake here?

Can someone suggest correct way to access 3rd level child's attributes in a datamodel
or if query look correct am I making any mistake in some datamodel permission or any other inputs or pointers to check please

Best Regards
- Shreyans Soni