https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669171#M229520 <P>HI</P><P>I agree that is correct and this was an example of 2 SPLs I had, but I had other issues else where the SPLs were different.</P><P>The UNION command was able to help me out in this case.</P><P>Thanks</P><P>Robert</P> Mon, 20 Nov 2023 11:24:46 GMT robertlynch2020 2023-11-20T11:24:46Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669165#M229518 <P><SPAN>Hi - Is there a way to get 2 nonstream Searches to run in parallel in the same SPL? </SPAN></P><P><SPAN>I am using "appendcols", but I think one is waiting for the other to finish. </SPAN></P><P><SPAN>I can't use multisearch as I don't have stream commands.</SPAN><BR /><SPAN>The issue is displaying the license used by Splunk and I want to run 2 SPL in parallel. However, it's very slow to run if I run 2 in sequence. Thanks in advance for any help</SPAN></P><P>&nbsp;</P><LI-CODE lang="markup">index=_internal [ `set_local_host`] source=*license_usage.log* type="Usage" | eval h=if(len(h)=0 OR isnull(h),"(SQUASHED)",h) | eval s=if(len(s)=0 OR isnull(s),"(SQUASHED)",s) | eval idx=if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx) | bin _time span=1d | stats sum(b) as b by _time, pool, s, st, h, idx | search pool = "*" | search idx != "mlc_log_drop" | timechart span=1d sum(b) AS Live_Data fixedrange=false | fields - _timediff | foreach * [ eval &lt;&lt;FIELD&gt;&gt;=round('&lt;&lt;FIELD&gt;&gt;'/1024/1024/1024, 3)] | appendcols [ search index=_internal [ `set_local_host`] source=*license_usage.log* type="Usage" | eval h=if(len(h)=0 OR isnull(h),"(SQUASHED)",h) | eval s=if(len(s)=0 OR isnull(s),"(SQUASHED)",s) | eval idx=if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx) | bin _time span=1d | stats sum(b) as b by _time, pool, s, st, h, idx | search pool = "*" | search idx = "mlc_log_drop" | timechart span=1d sum(b) AS Log_Drop_Data fixedrange=false | fields - _timediff | foreach * [ eval &lt;&lt;FIELD&gt;&gt;=round('&lt;&lt;FIELD&gt;&gt;'/1024/1024/1024, 3)]] </LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 20 Nov 2023 10:45:58 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669165#M229518 robertlynch2020 2023-11-20T10:45:58Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669170#M229519 <P>You're asking a wrong question.</P><P>Your both searches start with the same base search so either you should be able to do all in one go or your searches produce differently aggregated results so it doesn't make sense to combine them with appendcols.</P> Mon, 20 Nov 2023 11:16:30 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669170#M229519 PickleRick 2023-11-20T11:16:30Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669171#M229520 <P>HI</P><P>I agree that is correct and this was an example of 2 SPLs I had, but I had other issues else where the SPLs were different.</P><P>The UNION command was able to help me out in this case.</P><P>Thanks</P><P>Robert</P> Mon, 20 Nov 2023 11:24:46 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-get-2-nonstream-Searches-to-run-in-parallel-in/m-p/669171#M229520 robertlynch2020 2023-11-20T11:24:46Z