Hi Community,

I have a search query where I am trying to get values for the search from the results of another query.

index=_internal
[ `set_local_host`] source=*license_usage.log* type="Usage"
| eval h=if(len(h)=0 OR isnull(h),"(SQUASHED)",h)
| eval s=if(len(s)=0 OR isnull(s),"(SQUASHED)",s)
| eval idx=if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx)
| bin _time span=1d
| stats sum(b) as b by _time, pool, s, st, h, idx
| search pool = "*"
| search h = hp742srv OR dell970srv OR dell428srv OR hp548srv OR dell429srv OR dell477srv OR dell433srv
| timechart span=1d sum(b) AS volumeB by idx fixedrange=false limit=30
| join type=outer _time
[ search index=_internal
[ `set_local_host`] source=*license_usage.log* type="RolloverSummary" earliest=-30d@d
| eval _time=_time - 43200
| bin _time span=1d
| stats latest(stacksz) AS "stack size" by _time]
| fields - _timediff
| foreach *
[ eval <<FIELD>>=round('<<FIELD>>'/1024/1024/1024, 3)]

 The search statement in line number 9 has a list of host names which I have entered manually using the OR operator. The below query can generate the list of results but I am not able to use the result in the above query.

index=mx_logs "mx.env"="dell1192srv.fr.mx.com:15022" 
|  table host 
|  dedup host

 How can I use the results from the 2nd query dynamically in the first SPL query?

Thanks in advance.

Regards,

Pravin