Hi Iguinn - was the information I provided helpful/enough? appreciate if you could provide your feedback.

Hi Iguinn or any expert - appreciate your feedback...

Hi Iguinn - thanks for picking this up.

The below is the sparkline query which works perfectly when run independently:

index=foo type=Pending
| chart sparkline(avg(open_order),15m) as "Pending Trend" by service_name | sort service_name

The below is the sparkline query within the join which returns the result not rendered as a "sparkline" format - as you can see I'm (1) listing all the possible service_name, (2) appending pending count for those services which had a pending count in the latest data extraction, (3) appending pending count trend in a sparkline format. (1) and (2) works but (3) returns non-rendered result.

index="foo" type=* | stats count(service_name) by service_name
| join type=left [search index="foo" type="Pending" | table _time, service_name, type, open_order
| eventstats max(_time) as LatestTS | where _time=LatestTS | rename open_order as Pending | table service_name, Pending]
| join type=left [search index="foo" type="Pending"
| chart sparkline(avg(open_order),15m) as "Pending Trend" by service_name]
| fillnull value=0 Pending
| table service_name, Pending, "Pending Trend"