Hello Splunkers, I am trying below query -   index=someindex cluster=gw uuid=gw98037234c6e51a48816016172b8a3c56 | eval api_uuid="gw"+reqid | head 1 | append [search index=someindex cluster=api uuid=api_uuid]   Basically what I am trying is to get result from first search, evaluate new field from first search and add it as condition to second search. It is not working if I supply api_uuid field but If I replace uuid in append with actual computed value it is returning proper result. I have seen few people using join but dont want to use join as its expensive and comes with limit. Any solution to above query ? ... View more