That got me closer. It didn't print out pretty, but since I'm collecting the data for the summary index, it doesn't matter. Thanks! For posterity's sake: index=summary earliest=01/01/2016:00:00:00 search_name=redacted | map search="search earliest=01/01/2016:00:00:00 $var_from_query$ |eval var_from_query=$var_from_query$ | stats values(var_from_query), values(var_from_map_search) by redacted | collect marker=\"search_name=testing\" " This works on small batches, but for some reason only returns 10 rows, when the initial search has over 100,000. On to the next mystery. Update: there's a maxsearches parameter for the map command, which is by default set to 10. ... View more