https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383873#M112118 <P>I have a splunk log in following format:</P> <PRE><CODE>||pool-2-thread-1||&nbsp;INFO &nbsp;SUCCESSFULLY COMPLETED at END_TIME:&nbsp;2018-05-07T06:05:17.475Z&nbsp; ||pool-2-thread-1||&nbsp;INFO ACTIVE at START_TIME:&nbsp;2018-05-07T06:04:44.981Z&nbsp; ||pool-2-thread-1||&nbsp;INFO SUCCESSFULLY COMPLETED at END_TIME:&nbsp;2018-05-09T07:10:17.475Z&nbsp; ||pool-2-thread-1||&nbsp;INFO ACTIVE at START_TIME:&nbsp;2018-05-09T07:08:44.981Z </CODE></PRE> <P>all the above are separate events. Now I want to get the start date and end date as follows:</P> <PRE><CODE>startDate Enddate ------------------------------------------------------- &nbsp;2018-05-09T07:08:44.981Z 2018-05-09T07:10:17.475Z 2018-05-07T06:04:44.981Z&nbsp; 2018-05-07T06:05:17.475Z&nbsp; </CODE></PRE> <P>and I need to draw a timechart with the data. Am new to the splunk, can anyone please suggest me how can I do it.</P> Mon, 07 May 2018 11:55:15 GMT Kaviyap 2018-05-07T11:55:15Z https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383873#M112118 <P>I have a splunk log in following format:</P> <PRE><CODE>||pool-2-thread-1||&nbsp;INFO &nbsp;SUCCESSFULLY COMPLETED at END_TIME:&nbsp;2018-05-07T06:05:17.475Z&nbsp; ||pool-2-thread-1||&nbsp;INFO ACTIVE at START_TIME:&nbsp;2018-05-07T06:04:44.981Z&nbsp; ||pool-2-thread-1||&nbsp;INFO SUCCESSFULLY COMPLETED at END_TIME:&nbsp;2018-05-09T07:10:17.475Z&nbsp; ||pool-2-thread-1||&nbsp;INFO ACTIVE at START_TIME:&nbsp;2018-05-09T07:08:44.981Z </CODE></PRE> <P>all the above are separate events. Now I want to get the start date and end date as follows:</P> <PRE><CODE>startDate Enddate ------------------------------------------------------- &nbsp;2018-05-09T07:08:44.981Z 2018-05-09T07:10:17.475Z 2018-05-07T06:04:44.981Z&nbsp; 2018-05-07T06:05:17.475Z&nbsp; </CODE></PRE> <P>and I need to draw a timechart with the data. Am new to the splunk, can anyone please suggest me how can I do it.</P> Mon, 07 May 2018 11:55:15 GMT https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383873#M112118 Kaviyap 2018-05-07T11:55:15Z https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383874#M112119 <P>Are these events always in the right order, e.g. start, end, start, end, etc? </P> Mon, 07 May 2018 16:19:50 GMT https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383874#M112119 xpac 2018-05-07T16:19:50Z https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383875#M112120 <P>To do what Splunk calls <CODE>timechart</CODE>, you only need 1 value. What do <EM>you</EM> mean by <CODE>timechart</CODE> and why do you need both values?</P> Mon, 07 May 2018 17:59:16 GMT https://community.splunk.com/t5/Splunk-Search/Line-chart-with-different-events/m-p/383875#M112120 woodcock 2018-05-07T17:59:16Z