index="test" [search index="test_summary" key_field="y" | head 1 | eval search = "_time>" . _time | fields search]
| table a,b,c
I have to return everything under "test" where _time>_time of y_summary. This search works fine as long as there is something under test_summary with **key_field="y"**.
But, if there are no events returned by the sub search, my main search should return all the items in the index="test"
How do I get it working.. I have been on this for a day now.. with very little progress to show..
↧