https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550988#M156339 <P>Timechart seems to try to be clever and determine the earliest searched time, despite any manipulation done to the _time field, so use bin and chart instead. However, bear in mind that the chart will start from the earliest event time (adjusted) and not necessarily from the earliest time searched.</P><LI-CODE lang="markup">index=_internal earliest=-2h@m latest=@m | eval ReportKey="Today" | append [search index=_internal earliest=-2h-7d@m latest=-7d@m | eval ReportKey="Last week" | eval _time=relative_time(_time,"+7d")] | bin span=5m _time | chart count by _time ReportKey</LI-CODE><P>&nbsp;</P> Sun, 09 May 2021 09:50:18 GMT ITWhisperer 2021-05-09T09:50:18Z https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550984#M156337 <P>For the below query, searching for the values of 2nd occurence of earliest and latest events so that the timechart would return superimposed data from current time minus 2hrs and last week data for same time frame(2hrs).</P><P>index=sample sourcetype=hello "*abc*" earliest=-120m@m latest=now | multikv | eval ReportKey="today" | append [ search index=sample sourcetype=hello "*abc*" earliest=... latest=... | multikv | eval ReportKey="lastweek" | eval _time=_time+86400] | timechart span=5m count by ReportKey usenull=false useother=false</P><P>&nbsp;</P><P>Thanks in advance!</P> Sun, 09 May 2021 08:13:37 GMT https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550984#M156337 prajwal_94 2021-05-09T08:13:37Z https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550988#M156339 <P>Timechart seems to try to be clever and determine the earliest searched time, despite any manipulation done to the _time field, so use bin and chart instead. However, bear in mind that the chart will start from the earliest event time (adjusted) and not necessarily from the earliest time searched.</P><LI-CODE lang="markup">index=_internal earliest=-2h@m latest=@m | eval ReportKey="Today" | append [search index=_internal earliest=-2h-7d@m latest=-7d@m | eval ReportKey="Last week" | eval _time=relative_time(_time,"+7d")] | bin span=5m _time | chart count by _time ReportKey</LI-CODE><P>&nbsp;</P> Sun, 09 May 2021 09:50:18 GMT https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550988#M156339 ITWhisperer 2021-05-09T09:50:18Z https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550990#M156340 <P>Thank you so much&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;, it worked!</P> Sun, 09 May 2021 11:00:09 GMT https://community.splunk.com/t5/Splunk-Search/superimposed-timeline-chart-comparing-the-latest-and-last-week/m-p/550990#M156340 prajwal_94 2021-05-09T11:00:09Z