| makeresults
| eval _raw = "user_name machine_name event_name logon_time
user1 machine1 logon 12/9/2021 7:20
user1 machine1 logoff 12/9/2021 7:22
user1 machine1 logon 12/9/2021 8:20
user1 machine1 logoff 12/9/2021 8:22"

| multikv forceheader=1
| eval _time = strptime(logon_time, "%m/%d/%Y %H:%M")
```| reverse```
| fields - _raw linecount

| eval login_time = if (event_name == "logon", logon_time, null()), logout_time = if (event_name == "logoff", logon_time, null())
| transaction endswith=(event_name=logon) startswith=(event_name=logoff) user_name machine_name
```| transaction startswith=(event_name=logon) endswith=(event_name=logoff) user_name machine_name```
| eval session_duration = tostring (duration, "duration")
| rename login_time as logon_time
| table user_name machine_name event_name logon_time logout_time session_duration

how do i repplace the below section of query with results from a query

_raw = "user_name machine_name event_name logon_time
user1 machine1 logon 12/9/2021 7:20
user1 machine1 logoff 12/9/2021 7:22
user1 machine1 logon 12/9/2021 8:20
user1 machine1 logoff 12/9/2021 8:22

my base query yields data like below wic needs go to _raw
index=foo source = bar | fields user_name, macine_name, event_name, logon_time

this query will result 1000s of rows that may look like belwo data
user1 machine1 logon 12/9/2021 7:20
user1 machine1 logoff 12/9/2021 7:22
user1 machine1 logon 12/9/2021 8:20
user1 machine1 logoff 12/9/2021 8:22

I need to feed those thousands of events to _raw to makeresults.
Any help is much appreciated. thanks