I have a first search queryA that returns a set of events. I would like to make a second search queryB using the earliest/latest event of queryA as timeframe for queryB. Then I would like merge results from both searches together. Is this even possible?
I know I can do queryA | stats earliest(_time) AS Earliest, latest(_time) AS Latest. to get the earliest/latest events in queryA
Now how do something like queryB | _time > Earliest AND _time < Latest?
Finally, I would like to merge the results of 2) with queryA. Is that possible without running queryA again?