I have two searches which I am running by joining with appendcols and passed the result of subquery to main query.

index="index" sourcetype="aws:cloudwatch" source="source" account_id="account" metric_name="numberofmessages" CORS_Value>"1" | eval numberofmessages=CORS_Value/5 | rename metric_dimensions as queue_names | table queue_names numberofmessages | appendcols [ search index="index" sourcetype="aws:cloudwatch" source="source" account_id="account" metric_name="ageofmessages" Sum>0 | rename Sum AS TimeinQueue | table TimeinQueue] | dedup queue_names

Problem with this is , main query provides the result of itself even if subquery did not produce any result. Basically I want main query to be run only if subquery satisfies the condition.

Can someone assist with this please?