https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445758#M168304 <P>@john_q could you please add a mock screenshot of what is the expected output?</P> <P>Ideally when you compare time-series data over a duration, the duration needs to remain the same for different time period selected (as duration is plotted on fixed x-axis). For example You can compare current week with Previous week and that with the week before. For such scenario, you can use the <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timewrap#Basic_example">timewrap</A> command which is available version 6.5 onward.</P> Tue, 17 Jul 2018 08:47:07 GMT niketn 2018-07-17T08:47:07Z https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445756#M168302 <P>i want to count eventcount comparison using time trends chart for today , lastweek and last2weeks. below are the my searches </P> <P><STRONG>index=something sourcetype=something earliest=-0d@d latest=@h| timechart count as "Today" | appendcols <BR /> [search index=something sourcetype=something earliest=-7d@w0 latest=@w0<BR /> | timechart count as "Previous week"]</STRONG></P> <P>for this iam getting output like this:alt text</P> Tue, 17 Jul 2018 06:39:14 GMT https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445756#M168302 john_q 2018-07-17T06:39:14Z https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445757#M168303 <P>Hi john_q,</P> <P>take a look at this answer <A href="https://answers.splunk.com/answers/663294/timewrap-compare-last-24-hours-to-the-same-day-ove.html">https://answers.splunk.com/answers/663294/timewrap-compare-last-24-hours-to-the-same-day-ove.html</A> to learn how this can be done without any sub search.</P> <P>cheers, MuS</P> Tue, 17 Jul 2018 08:45:12 GMT https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445757#M168303 MuS 2018-07-17T08:45:12Z https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445758#M168304 <P>@john_q could you please add a mock screenshot of what is the expected output?</P> <P>Ideally when you compare time-series data over a duration, the duration needs to remain the same for different time period selected (as duration is plotted on fixed x-axis). For example You can compare current week with Previous week and that with the week before. For such scenario, you can use the <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Timewrap#Basic_example">timewrap</A> command which is available version 6.5 onward.</P> Tue, 17 Jul 2018 08:47:07 GMT https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445758#M168304 niketn 2018-07-17T08:47:07Z https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445759#M168305 <P>i getting results like mentioned below.</P> <PRE><CODE> _time Today LastWeek </CODE></PRE> <P>06-07-2018 06:01:01 120 1000<BR /> 06-07-2018 07:11:01 10 1012<BR /> 06-07-2018 08:01:01 20 1128<BR /> 06-07-2018 09:05:01 105 1222<BR /> 06-07-2018 09:41:01 80<BR /><BR /> 06-07-2018 10:15:01 16<BR /><BR /> 06-07-2018 10:22:01 12<BR /><BR /> 06-07-2018 10:51:01 1 </P> <P>two line are showing today time only and LastWeek legend showing today time only instead of lastweek time which is not fully completed. plz find the above attached image.</P> Wed, 18 Jul 2018 05:54:43 GMT https://community.splunk.com/t5/Splunk-Search/search-for-eventcount-comparison-for-two-different-time-ranges/m-p/445759#M168305 john_q 2018-07-18T05:54:43Z