topic How to run two searches having two different indexes using join command at different time range in Splunk Cloud Platform https://community.splunk.com/t5/Splunk-Cloud-Platform/How-to-run-two-searches-having-two-different-indexes-using-join/m-p/680360#M2891 <P>Hi ,&nbsp;</P><P>I have two searches joined using join command. The first search i need to run earliest=-60mins and the second search is using summary index here i need to fetch all the results in summary index so I need to check and run summary index for "all time" .<BR /><BR />How can this be done? I am giving earliest=-60min in my first search and time range as "all time" while scheduling the report consisting of this two searches but it is not working.</P><P>I have not used any time in my summary index. Search to populate my summary index</P><P>index=testapp sourcetype=test_appresourceowners earliest=-24h latest=now<BR />| table sys_id, dv_manager, dv_syncenabled, dv_resource, dv_recordactive<BR />| collect <STRONG>addtime=false</STRONG> index=summaryindex source=testapp.<BR /><BR />my scheduled report search&nbsp;</P><P>index=index1 <STRONG>earlies=-60m</STRONG><BR />| join host<BR />[| search index=summaryindex <STRONG>earliest="alltime</STRONG>"]<BR /><BR />| tablehost field1 field2<BR /><BR /></P> Tue, 12 Mar 2024 08:05:43 GMT Splunkerninja 2024-03-12T08:05:43Z How to run two searches having two different indexes using join command at different time range https://community.splunk.com/t5/Splunk-Cloud-Platform/How-to-run-two-searches-having-two-different-indexes-using-join/m-p/680360#M2891 <P>Hi ,&nbsp;</P><P>I have two searches joined using join command. The first search i need to run earliest=-60mins and the second search is using summary index here i need to fetch all the results in summary index so I need to check and run summary index for "all time" .<BR /><BR />How can this be done? I am giving earliest=-60min in my first search and time range as "all time" while scheduling the report consisting of this two searches but it is not working.</P><P>I have not used any time in my summary index. Search to populate my summary index</P><P>index=testapp sourcetype=test_appresourceowners earliest=-24h latest=now<BR />| table sys_id, dv_manager, dv_syncenabled, dv_resource, dv_recordactive<BR />| collect <STRONG>addtime=false</STRONG> index=summaryindex source=testapp.<BR /><BR />my scheduled report search&nbsp;</P><P>index=index1 <STRONG>earlies=-60m</STRONG><BR />| join host<BR />[| search index=summaryindex <STRONG>earliest="alltime</STRONG>"]<BR /><BR />| tablehost field1 field2<BR /><BR /></P> Tue, 12 Mar 2024 08:05:43 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/How-to-run-two-searches-having-two-different-indexes-using-join/m-p/680360#M2891 Splunkerninja 2024-03-12T08:05:43Z Re: How to run two searches having two different indexes using join command at different time range https://community.splunk.com/t5/Splunk-Cloud-Platform/How-to-run-two-searches-having-two-different-indexes-using-join/m-p/680367#M2893 <P>Try</P><LI-CODE lang="markup">earliest=0</LI-CODE> Tue, 12 Mar 2024 08:46:24 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/How-to-run-two-searches-having-two-different-indexes-using-join/m-p/680367#M2893 ITWhisperer 2024-03-12T08:46:24Z