append

Description

Appends data obtained from a search within the append command to the main results.

Syntax

| append [ <subsearch> ] <subsearch-options>...

Required Arguments

Parameter	Syntax	Description
`subsearch`	`[<subsearch>]`	The query must be enclosed in square brackets and must start with a source designation (source, script, makeresults, etc.).

Optional Arguments

Parameter	Syntax	Default	Description
`maxtime`	`maxtime=60`	60 seconds	Maximum query execution time in seconds.
`maxout`	`maxout=1000`	0	Maximum number of returned results.
`timeout`	`timeout=60`	0	Maximum query execution time in seconds.

Query Examples

Example #1
source accessLogs
| append
    [ source cli:myDb.myUsersData:10
    | stats count by user ]

Example #2
source accessLogs qsize=1
| search user="aleksey" and message="Access granted"
| append
    [ source radius_logs qsize=1
    | search agent.id="5859c99d-8ac6-4adc-af94-a371d2a5cf28" and indextime >= "2020-11-12T14:18:28.038337Z" ]

append

Description​

Syntax​

Required Arguments​

Optional Arguments​

Query Examples​

Description

Syntax

Required Arguments

Optional Arguments

Query Examples