I have a set of wordpress tables I'm trying to build a transaction on. I have the following which is working well and placing wp_postmeta, wp_posts and wp_order_itemsmeta within a single transaction.
index=onstone (sourcetype="wp_order_items" OR sourcetype="wp_postmeta" OR sourcetype="wp_posts" OR sourcetype="wp_order_itemsmeta")
| eval id=coalesce(order_id,post_id, ID)
| transaction id
However within wp_order_items there is the field 'order_item_id' which points to events within wp_order_itemsmeta which i need included within the transaction.
So essentially if i take below as an example, i have event1 and event2 in my transaction but i need event 3 in there as well.
event1 id=1
event2 id=1, id2=a
event3 id2=a
I've had a good hunt around and tried a combination of a few different things like including order_item_id ( | transaction id, order_item_id ) in the transaction command and running another transaction command after running the first transaction command with keeporphans=true but nothing seems to be doing the trick.
Any help would be much appreciated.
