I will lay out the scenario, i work in security and I want to look for trending from our VPN users. I want to pass on a user's login credentials into a query search and the query search the juniper logs for every IP that user logged with and then take each of those IPs and run them against our IDS logs to find any security events. I am not sure how to word this, but i want to pass on a variable to pull some results, and then take those results and pass them through another set type of logs.
What you describe sounds very much like a subsearch.
http://docs.splunk.com/Documentation/Splunk/latest/User/HowSubsearchesWork