I have two query in splunk query 1 and query 2 and an input. Based on the input, i need to execute either query 1 or query 2. I am trying something like below query but it is not working for me. | makeresults
| eval myInput="*"
| append [
search "my search related to query 1"
| rex field=_raw "Job id : (?<job_id>[^,]+)"
| where myInput="*"
| eval query_type="query1"
| table job_id, query_type, myInput
]
| append [
search "my search related to query 2"
| rex field=_raw "Job id : (?<job_id>[^,]+)"
| where myInput!="*"
| eval query_type="query2"
| table job_id, query_type, myInput
]
... View more