Hi,

i am joining two queries which results in some blank values,but when the sub-search is ran independently there is no blank value .

This is the query.

`url-endpoints`
| lookup endpoint-lookup.csv "Endpoint Name" as endpoint OUTPUT "Endpoint ID" as EndpointID "API Type" as "API Type"
| where isnotnull(EndpointID)| eval Date = strftime(_time, "%d/%m/%y"), hrs=strftime(_time,"%H:%M:%S.%Q"), CNC=case(hrs>="06:00:00" AND hrs<="23:59:59", "Core Hours (06.00 - 00.00)", hrs>="00:00:00" AND hrs<"06:00:00", "Non Core Hours (00.00 - 06.00)")| eval "ASPSP Brand ID"="3"|search CNC=*|dedup CNC "ASPSP Brand ID" EndpointID Date|table Date EndpointID CNC "ASPSP Brand ID"
|join type=left Date EndpointID CNC "ASPSP Brand ID"[search `url-endpoints`
| lookup endpoint-lookup.csv "Endpoint Name" as endpoint OUTPUT "Endpoint ID" as EndpointID "API Type" as "API Type"
| where isnotnull(EndpointID) |eval filter=case(request_processing_time=="-1","no",response_processing_time=="-1","no",target_processing_time=="-1","no")|where isnull(filter) 
| eval Date = strftime(_time, "%d/%m/%y"), hrs=strftime(_time,"%H:%M:%S.%Q"), CNC=case(hrs>="06:00:00" AND hrs<="23:59:59", "Core Hours (06.00 - 00.00)", hrs>="00:00:00" AND hrs<"06:00:00", "Non Core Hours (00.00 - 06.00)"), first_byte = 'request_processing_time' + 'response_processing_time' + 'target_processing_time', "ASPSP Brand ID"="3"
| stats median(first_byte) as median_first_byte median(sent_bytes) as median_reponse_payload by Date "ASPSP Brand ID" EndpointID CNC
| eval median_first_byte = round(median_first_byte*1000, 2)|table Date "ASPSP Brand ID" EndpointID CNC median_first_byte median_reponse_payload]|table Date "ASPSP Brand ID" EndpointID CNC median_first_byte median_reponse_payload

results in:

but when the sub-search is ran independently it give results like:

what could be the prblm here????

Thanks in Advance!!!!