Splunk Search

search records limitation of 800000 records

kishen2018
New Member

Hi All,

Facing one issue with Splunk: for a search query, the records are getting limited to 800000.
The SLR001 total count is not displayed as more than 800000 records, but actually its index has more than 900000 records.

I tried changing the maxresultrows value in limits.conf, but it's not working.
Also tried adding maxout to the append in the query; it's not giving the expected result.

I'd appreciate any help displaying more than 800000 records for SLR001.

Query Used:

(index=sumidx_slr006 search_stage=slr006) OR (index=sumidx_slr002 stage=transaction slr=slr002) OR (index=sumidx_slr003 slr=slr003 stage=transaction) OR (index=sumidx_slr004 search_name="sumidx_slr004") |append [search index="sumidx_slr001" search_name="sumidx_slr001" |dedup isoClearSysRef]
| eval SLR_name=case(index="sumidx_slr006","SLR006",search_name="sumidx_slr001_change2","SLR001",index="sumidx_slr002","SLR002",index="sumidx_slr003","SLR003",index="sumidx_slr004","SLR004")
| stats count(eval(SLR_status="Breached")) AS Breached,count(eval(SLR_status="Breached" OR SLR_status="Not Breached")) as Total by SLR_name

Output Below:

SLR_name   Breached   Total
SLR001     315        800000
SLR002     141        1378539
SLR003     1792       1349458
SLR004     17         231518
SLR006     13         220741


kishen2017
Path Finder

Any help on this query is highly appreciated!!!

niketn
Legend

@kishen2018 you will have to provide some more details about your query. For example, what is the purpose of performing dedup on the sumidx_slr001 index with the field isoClearSysRef? Do all indexes 001, 002 ... 006 have the same field/type of data? Why do the other indexes not have duplicates?

With your current search, if you do not need dedup for 001, I would say use multisearch instead of append, as it is not impacted by the subsearch limitation. But then you can have index slr001 in the base search itself. If isoClearSysRef is present in all indexes and you can do a dedup across all of them, you can try the following. Also, for search performance, you can move the eval of SLR_name after the stats by index and then use rename as your final pipe, i.e.

(index=sumidx_slr006 search_stage=slr006) OR (index=sumidx_slr002 stage=transaction slr=slr002) OR (index=sumidx_slr003 slr=slr003 stage=transaction) OR (index=sumidx_slr004 search_name="sumidx_slr004") OR (index="sumidx_slr001" search_name="sumidx_slr001")
| dedup isoClearSysRef
| stats count(eval(SLR_status="Breached")) AS Breached, count(eval(SLR_status="Breached" OR SLR_status="Not Breached")) AS Total by index
| eval index=case(index="sumidx_slr006","SLR006",index="sumidx_slr001","SLR001",index="sumidx_slr002","SLR002",index="sumidx_slr003","SLR003",index="sumidx_slr004","SLR004")
| rename index AS SLR_Name
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

kishen2017
Path Finder

Hi @niketn,

Thanks for the update.
Duplicate values are present in the field isoClearSysRef, and only for sumidx_slr001; the rest of the indexes 002 ... 006 don't have duplicates. Also, the field isoClearSysRef is available only in sumidx_slr001 and not in the other indexes.

niketn
Legend

@kishen2017 may I know the reason for the duplicates in sumidx_slr001 and not the others? Is the duplicate inserted only once or on a regular basis? Why not in the other indexes?

In any case, can you try the union command instead of append with the maxout option, to test?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
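As an added example (not code from any post in this thread), this is the approach niketn describes written out against the poster's stated data: multisearch runs the five index searches as one streaming search instead of an append subsearch, so the subsearch result limit that caps the appended sumidx_slr001 results does not apply, and keepempty=true on dedup keeps events from the indexes that carry no isoClearSysRef field, which a plain dedup would silently drop. It assumes the same index names, field names and search_name values as the original query, and that the dedup is only meaningful for sumidx_slr001.

```spl
| multisearch
    [search index=sumidx_slr006 search_stage=slr006]
    [search index=sumidx_slr002 stage=transaction slr=slr002]
    [search index=sumidx_slr003 slr=slr003 stage=transaction]
    [search index=sumidx_slr004 search_name="sumidx_slr004"]
    [search index=sumidx_slr001 search_name="sumidx_slr001"]
| dedup isoClearSysRef keepempty=true
| stats count(eval(SLR_status="Breached")) AS Breached,
        count(eval(SLR_status="Breached" OR SLR_status="Not Breached")) AS Total
        by index
| eval SLR_name=case(index="sumidx_slr006","SLR006",
                     index="sumidx_slr001","SLR001",
                     index="sumidx_slr002","SLR002",
                     index="sumidx_slr003","SLR003",
                     index="sumidx_slr004","SLR004")
| fields SLR_name Breached Total
```

To confirm no cap is still applied, compare the SLR001 Total with the raw event count over the same time range from a separate search such as | tstats count where index=sumidx_slr001 (minus the duplicates removed by dedup); if the combined search is still truncated, check the Job Inspector for a limit warning rather than assuming limits.conf took effect.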