Page Comparison

...

It is possible to specify a time range for the subquery different than the one specified for the main query. Also, note that If you do NOT include a time range in your subquery. , it will default to the same time range as the main query.

...

Expand
title Subquery using a select clause to expose a field
Code Block from siem.logtrust.web.activity select (( from siem.logtrust.web.navigation group every - by userEmail select count()) as inner) select inner[username] as nav group by username, nav

Expose data from the subquery to the main query

You can correlate specific field values of your subquery with the ones in your main query and show them as a list in a new field.

...