@scelikok thanks so much. I just put join instead of | search and it worked magically.

My final query will be like 

... | Join [ search $token_account_id$ earliest=$token_time.earliest$ latest=$token_time.latest$| rex "txnid".{5}(?<TXNID>.*?(?=\\\))"|dedup TXNID | fields TXNID ] | rex "custid".{5}(?<custid>.*?(?=\\\))"| rex "custname".{5}(?<custname>.*?(?=\\\))"| rex "pdate".{5}(?<pdate>.*?(?=\\\))"|table custid, custname, pdate| rename custid as CustomerID, custname as Customer Name, pdate as Purchase Date 

Thanks for your reply. I tried this subsearch approach but seems it didn't give me any results

Thanks @scelikok  for the reply.

Mu sample query

1st query

...| rex "txnid".{5}(?<TXNID>.*?(?=\\\))"|dedup TXNID 

2nd query 

... Need to pass that TXNID here | rex "custid".{5}(?<custid>.*?(?=\\\))"| rex "custname".{5}(?<custname>.*?(?=\\\))"| rex "pdate".{5}(?<pdate>.*?(?=\\\))"|table custid, custname, pdate| rename custid as CustomerID, custname as Customer Name, pdate as Purchase Date 

NB:-

I will use this in the dashboard. In the dashboard I have one input text and a date filed which user need to provide. User will provide account id which need to be on 1st query based on the account and time stamo it will fetch the txnid and using that txnid need to fetch and show in the dashboard.

@Anonymous can you please help me. Still I'm facing issue to use the output of the 1st query in my 2nd query.

And my 2nd query is complex one as it contains 3 join query but all 3 required txn id as input also

Hi, this is Burch. It looks like there is an accepted answer and others are already actively working with you on this. Is that not the case? If not, then perhaps un-accept the answer and let's make it clear that all are able to help you rather than specific people.