If I want to use a field(alarm_time) from the main search as a search criteria for a sub-search, what code should I write?
In the following code, I want to search for the time they are working 

I want to search Conditions : work_start < alarm_time < work_end 
search results you want to get : (work_name=work_b)
____________________________________

| makeresults
|eval _raw="alarm_time,host,message
2022/03/26 18:05,test_node,test_down"
| multikv forceheader=1
| eval alarm_time_strp = strptime(alarm_time,"%Y/%m/%d %H:%M")
| join type=left host
[| makeresults
|eval _raw="host,work_start,work_end,work_name
test_node,2022/03/26 17:00,2022/03/26 18:00,work_a
test_node,22022/03/26 18:00,2022/03/26 19:00,work_b
test_node,2022/03/26 19:00,2022/03/26 20:00,work_c"
| multikv forceheader=1
| eval work_start_strp = strptime(work_start,"%Y/%m/%d %H:%M")
| eval work_end_strp = strptime(work_end,"%Y/%m/%d %H:%M")
]