Hey, I have a problem preparing a Splunjk query. Could you assist me? I have a simple query that returns a table with a few fields: some-search | fields id, time | table id, time I also have a macro with two arguments (id and time) that returns a table with status and type fields. I want to modify the first query somehow to run a subquery for each row by calling my macro and appending the fields to the final table. Finally, I want to have a table with four fields: id, time, status, and type (where status and type were obtained by calling a subquery with id and time). Is it possible?
... View more