Hi everybody,

I want to know if it's possible to use an eval before [dbquery "select blablabla"]

For example:

index="indexA" OR index="indexB" |eval newfield=field1 |stats values(newfield) as newfield values(field2) as field2 by  field1 
[dbquery mydatabase "select field2 from my_table"|fields + field2] 

well i'm trying to get something like that, but splunk said eval is not used properly

I need to record all values of field1 from the index.
The lookup cannot be used for the requested sql.
if anybody have any idea thx