
How to combine 2 search results in Splunk

Use append

sourcetype=a...  | stats count(Name) by Country 
| append [search sourcetype=b.... | stats count(Name) by Country] 
| delta count(Name) as diff

Use join

sourcetype=akips index=network_stats (device="bne-dc2-internet-r1" AND interface="ge-0/0/10") 
| eval in_Bitrate2_10=ref___InBitRate/1000000
| join _time [search sourcetype=akips index=network_stats (device="bne-dc2-internet-r1" AND interface="ge-0/0/14") 
| eval in_Bitrate2_14=ref___InBitRate/1000000] 
| table _time, in_Bitrate2_10, in_Bitrate2_14 
| rename in_Bitrate2_10 as "DC2 Vocus in_Bitrate (Mbps)", in_Bitrate2_14 as "DC2 Mega in_Bitrate (Mbps)"