Sumologic "full outer join" on transaction id

Is there some way to get full outer join functionality with sumologic? The JOIN operator seems to give inner join

I have a logstream with stageA and stageB and I want to identify where there is a logline for stageA but not stageB for a shared identifier

{ id: '12324', stage: 'a' }
{ id: '12324', stage: 'b' }
{ id: '3467', stage: 'a' }

I would want results to only have id: '3467' since the other id has both stages.

Solution

Here is the query that I ended up with

parse id
transactionize on id
merge loglines on id within transaction
filter for transactions where stage b doesnt exist

exclude most recent loglines since transaction may span the query window

("id")
| parse "id: *," as id 
| transactionize id (merge id, _raw join with "\n\n") 
| where !(_raw matches "*stage: \'b\'*") and _messageTime < now() - 1000*60*4

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?