I have 2 events having fields
1. id_cse_event: sqsmessageid,timestamp
2. Scim: sqs_message_id, timestamp.

I want to search all the messages published by id_cse_events in scim using messageid, then find the difference between the time stamps

This is the query i have wrote:
sourcetype=id-cse-events
| where isnotnull(sqsMessageId)
| eval sqsmsgid=sqsMessageId
| eval id_cse_time=timeStamp
| table sqsmsgid, id_cse_time
| map
[search sourcetype=scim |fields line.message.sqs_message_id, line.timestamp|search line.message.sqs_message_id="$sqsmsgid$"
| eval time_diff_in_seconds=strptime(id_cse_time,"%Y-%m-%dT%H:%M:%S")-strptime(line.timestamp,"%Y-%m-%dT%H:%M:%S") ]maxsearches=9999
| table line.message.sqs_message_id,time_diff_in_seconds

id_cse_time= 2023-01-27T09:55:45.970831Z
scim timestamp = 2023-01-27T08:24:28.601+0000

The events are getting matched, but i don't see any table with messageid and timediff.
Can anyone help?