HI All,

Query1:

(FAILED) COM source="/home/test/test.log"  | rex field=_raw "^(?:[^,\n]*,){3}(?P<sender>\+\d+)" | dedup sender | table sender

Then the output will become
111
112
113
123

Query2:

login COM  | rex field=_raw "(?<number>\+\d+)"   | rex field=_raw "(?<Version>\w+\/\d+\.\d+\.\d*)"   | dedup number | search Version="1.0.4" | table number

Then the output will become
101
111
123
124

I would like to Join these two tables and generate the output as below.
111
123

I have tried this command by combining these two queries, but there is no result at all. Any suggestions?

(FAILED) COM source="/home/test/test.log"  | rex field=_raw "^(?:[^,\n]*,){3}(?P<sender>\+\d+)" | dedup sender | table sender | JOIN sender [search login COM  | rex field=_raw "(?<number>\+\d+)"   | rex field=_raw "(?<Version>\w+\/\d+\.\d+\.\d*)"   | dedup number | search Version="1.0.4" | table number]