Hello, I'm a beginner in Splunk. Currently, I'm working with Splunk Enterprise. I want to retrieve microservices dependencies and export this information. How can I do that?
Start by creating a search which retrieves the information you are trying to find. How far have you got with that?
Yes, I've started doing a search based on the traceId and spanId.
It looks like you are trying to find the app.name for the parent_span_id? To avoid using joins, try something like this:
index=your_index sourcetype=your_sourcetype
| fields trace_id, span_id, parent_span_id, app.name
| rename app.name as current_service
| eval join_id=parent_span_id
| appendpipe
[| rename current_service as parent_service
| eval join_id=span_id]
| eventstats values(parent_service) as parent_service by join_id trace_id
| where isnotnull(current_service)
| table trace_id parent_service current_service
If this isn't correct, please share some anonymised but representative raw events and a description of what it is you are trying to do.
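The same parent-to-child resolution the search above performs, written as a stand-alone Python script so the exported result can be sanity-checked offline against a handful of raw events. This is an added example, not code from the thread; the JSON-lines events, field names (trace_id, span_id, parent_span_id, app.name) and service names are constructed, and same-service parent/child spans are treated as internal calls rather than dependencies.

```python
import csv
import io
import json

# Constructed sample events (JSON lines), not real data. Span "d" is an
# internal call inside "orders"; span "e" points at a parent that was never
# indexed, which is the case the SPL silently drops.
SAMPLE_JSONL = """
{"trace_id": "t1", "span_id": "a", "parent_span_id": null, "app.name": "gateway"}
{"trace_id": "t1", "span_id": "b", "parent_span_id": "a", "app.name": "orders"}
{"trace_id": "t1", "span_id": "c", "parent_span_id": "b", "app.name": "payments"}
{"trace_id": "t1", "span_id": "d", "parent_span_id": "b", "app.name": "orders"}
{"trace_id": "t2", "span_id": "e", "parent_span_id": "zz", "app.name": "inventory"}
"""


def load_events(jsonl):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def build_edges(events):
    """Return (edges, roots, orphans).

    Mirrors the join-free SPL: index each span's service by (trace_id, span_id),
    then resolve every span's parent_span_id through that index. Root spans and
    spans whose parent is missing are reported instead of being dropped.
    """
    service_by_span = {(e["trace_id"], e["span_id"]): e["app.name"] for e in events}
    edges, roots, orphans = set(), set(), []
    for e in events:
        parent = e.get("parent_span_id")
        if not parent:
            roots.add(e["app.name"])          # entry point of the trace
            continue
        parent_service = service_by_span.get((e["trace_id"], parent))
        if parent_service is None:
            orphans.append((e["trace_id"], e["span_id"]))  # parent never indexed
        elif parent_service != e["app.name"]:
            edges.add((parent_service, e["app.name"]))     # cross-service call
    return edges, roots, orphans


def export_csv(edges):
    """Render the dependency edges as CSV with the same columns as the SPL table."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["parent_service", "current_service"])
    for parent, child in sorted(edges):
        writer.writerow([parent, child])
    return buf.getvalue()


if __name__ == "__main__":
    edges, roots, orphans = build_edges(load_events(SAMPLE_JSONL))
    print(export_csv(edges), "roots:", roots, "orphans:", orphans)
```

The orphan list is worth keeping in a real export: spans whose parent is absent usually mean a sampling gap or a service that is not shipping traces, and those blind spots matter more than the edges you can see.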
But I'm asking if there are default fields related to microservices in Splunk.
I understand that it is tempting to view Splunk as a unique data source. But in reality, Splunk data is what you collect in your business. Volunteers here have zero visibility of what fields are available in your_sourcetype that may or may not be related to microservices.
In simple terms, no. There is no such thing as default fields related to anything other than time. host, source, and sourcetype are usually mandatory in most deployments. You need to ask whoever is writing logs in your_sourcetype how to identify a microservice. They may have already put such information in a key-value pair using either a delimiter or a structured format such as JSON. Even if they haven't, Splunk can easily extract it as long as it is present in the data. However, Splunk itself cannot tell you where your developers placed such information.
As @PickleRick suggested, you can also show some raw events (anonymize as needed) for volunteers to inspect and speculate. Still, the best is if you can also ask your developers to identify information themselves.
1. Post your searches in code block or preformatted paragraph - it helps readability.
2. Don't use the join command if you can avoid it (in this case you can probably go with stats instead).
3. Fields depend on the data you onboard. The only "default" thing about them is when you have them normalized to be CIM-compliant. But I don't see any datamodel applicable here.