Now i have a case:
- count call API "XXX/authen" (not session) by src_ip (1)
| tstats summariesonly count from datamodel=rest.rest where rest.uri="XXX/authen" by rest.src
- count session by src_ip (2)
| tstats summariesonly dc(rest.session) as dc_session from datamodel=rest.rest by rest.src

I use stats with appendcols + subsearch then OK,

index=XXX
| stats count(eval(uri="XXX/authen")) as count_uri by src
| appendcols
[search index=XXX
| stats dc(session) as dc_session by src
]

but use TSTATS fast, then error.
| tstats summariesonly count from datamodel=rest.rest where rest.uri="XXX/authen" by rest.src
| appendcols
[| tstats summariesonly dc(rest.session) as dc_session from datamodel=rest.rest by rest.src
]

Because TSTAST don't show src_ip have count zero then result of (1) , (2) are diffirent.

Please help me!