Hi, I would like to implement a Splunk alert to check if there's any special event that happened after a certain event; all the events are grouped by the same request-id. I wonder if you could help with this, thanks.

queryA:

index=app class=ClassA conditionA=aVal | fields rid, _time | table rid, _time

Each result (rid, _time) is unique.

queryB:

index=app class=ClassB conditionB=bVal rid=queryA.rid and _time > queryA._time

I would like to get the alert if queryB has a result. If it were represented as SQL, it would be like this:

select field1, field2 .... from queryB as B, (select id, _time from queryA where afield1=someval and afield2=val2) as A where B.id=A.id and B._time > A._time

Any help would be greatly appreciated, thanks
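One way to express this correlation in a single search, as an added example that is not part of the original post: pull both event classes in one pass, keep the timestamp of each class in its own field, collapse per request id with stats, and keep only the ids where the ClassB event is later than the ClassA event. It assumes the index, class, condition and rid field names exactly as written in the question, and that rid is already extracted as a field on both event types.

```spl
index=app ((class=ClassA conditionA=aVal) OR (class=ClassB conditionB=bVal))
| eval a_time=if(class="ClassA", _time, null())
| eval b_time=if(class="ClassB", _time, null())
| stats min(a_time) AS a_first max(b_time) AS b_last BY rid
| where isnotnull(a_first) AND isnotnull(b_last) AND b_last > a_first
| table rid a_first b_last
```

Save it as an alert that triggers when the number of results is greater than zero; because the join happens inside stats, both events for a given rid must fall inside the alert's search window, so size the window to cover the largest expected gap between the ClassA and ClassB events.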