Somehow, its not working. Are you asking me to write same search query between "

search again with wider time period e.g. earliest=-1d@d latest=@d 

" which i had writeen at starting to fetch data ? 

Essentially, yes. It is whatever query you use to determine what the peak hour is. You haven't said how you determine the peak, or what period you are looking over for the peak. The example I gave is to look for a peak (based on the count of events by hour) in the previous day. The idea is to find the peak by doing some stats in 1hr buckets and sort them so that the peak hour is the first (and only result once head 1 has been applied). You then take the _time of this result and use that as the earliest and the _time + 3600 seconds as the latest time. These are then the only fields returned from the sub-query and are used as parameters to your detailed query which could indeed be the same query or at least similar query.

I hope, you had seen my last comment where i have provided a query to find peak hour and written another query which i need to extract Transactions based on time captured

I need one more help from you. I am using the query in dashboard with base search. As you know, while using base search, we should replace base query with "search". But in the query, I should use base search two time. One is at the starting and second is within the square bracket. My question is, how can use base search inbetween sqaure bracket ?

I am not sure what you are asking - the outer search has an implied search command at the beginning so these two searches effectively start the same way in your example. Having said that, if I understand your example, you want the count by Transaction for the busiest hour. It might be better to do that this way

index=App 
| bucket _time span=1h 
| stats count by _time, Transaction 
| eventstats sum(count) as total by _time 
| eventstats max(total) as busiest
| where total=busiest

Thank you Rock star 🙂 It worked for me