With SQL it is possible to combine two or more queries together into one result set using UNION. How can you do the same in Sumo Logic?
If you can provide an example of a Sumo query I may be able to help you a bit more, but essentially a UNION in SQL would be the equivalent of just using two scopes (everything before the first pipe | in a search, your keywords, metadata tags, etc.) of data within Sumo Logic. So, this:
SELECT A, B, C
FROM scopeA
UNION
SELECT A, B, C
FROM scopeB
Would (more or less) translate to this:
(scope A search terms here) or (scope B search terms here)
| fields, operators, etc. that pull out your A, B, and C fields...
Where everything before the first pipe is your FROM's (using an "or" between the scopes of data). Everything after the pipe is where you would pull out the common fields between the two datasets. In pulling those fields, you'll probably be using some sort of parse operator, which you'll want to use with nodrop so it doesn't filter out as it matches the parse.
I hope this helps.
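A concrete version of the pattern described in the answer above, as an added example that is not part of the original reply. The source categories, log message formats and field names are constructed assumptions for illustration; substitute your own.

```sumologic
// Scope: two "FROM"s joined with "or" (constructed source categories and keywords)
(_sourceCategory=prod/sshd "Failed password")
or (_sourceCategory=prod/vpn "AUTH_FAILED")
// Each parse only matches one of the two log formats. Without nodrop,
// the first parse would discard every VPN message before the second
// parse ever ran, and the second would then discard every sshd message.
| parse "Failed password for * from * port" as ssh_user, ssh_ip nodrop
| parse "AUTH_FAILED user=* src=*" as vpn_user, vpn_ip nodrop
// Fold the per-source fields into the common columns (the SELECT A, B list)
| if (isEmpty(ssh_user), vpn_user, ssh_user) as user
| if (isEmpty(ssh_ip), vpn_ip, ssh_ip) as src_ip
// Keep only rows where at least one parse matched
| where !isEmpty(user)
| count by user, src_ip, _sourceCategory
```

Keeping `_sourceCategory` in the final aggregation shows which scope each row came from, which is useful when checking that both halves of the "union" actually returned data.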