Hi ,

I have a macro which gets values including host,now i do a left join .Once i do a left join in the subsearch only those host which was in previous search result should be searched.

Ex:

my search which results host
| join type=left xxx
[search index=a source=b host="host from previous search"]

Assume my first search returned many host,so in my second search after join,it should take individual host and check for any data in index=a