I have a couple thoughts here, none of which actually natively tie together the two result ids and send them combined in one email. That being said, here are some alternatives I can think of:
1) If the datasets are compatible, have a longer search that displays both sets of results. You can use the fillnull command to fill any whitespace in a table if it's bothering you that an entire column is null, for example.
2) Export both search results to csvs ( outputlookup command) and pull those in as part of one search that sends an email of both contents combined ( inputlookup command). This is similar to 1 but if the searches are hard to combine, this is likely a better option than an ugly join or append .
3) Assuming they have read access to whatever app the content will live in, you could save the scheduled searches to a dashboard and link the dashboard as part of the alert. I do that pretty often.
4) Write a custom alert action to pull in multiple data sources and does some custom action/js/html on it (this one is likely an add one to 1 or 2)
Personally, I like 3 if your consumers have the access/knowledge, because they can most easily play around with any results from Splunk than from an email. If not, 1 or 2 should get the job done if you can deal with likely empty overlapping information.
... View more