https://community.splunk.com/t5/Splunk-Search/how-to-combine-time-chart-and-bar-chart-together/m-p/571596#M199177 <P>Hi team,</P><P>1. I have first query which return me below chart</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">&lt;baseQuery&gt; |timechart span=4w count(ACT) as countOfOpenSession, distinct_count(UID) as countOfUserID, distinct_count(CMN) as countOfCustomer</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_0-1634713532480.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16498i0303FF6143C9ACCF/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_0-1634713532480.png" alt="cheriemilk_0-1634713532480.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>2. then I have second query which return me below table and chart, which is for getting the CMN value which has highest hit value per month.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">&lt;baseQuery&gt; | stats count(ACT) as hit by date_month CMN | eventstats max(hit) as maxhit by date_month | where hit=maxhit | fields - maxhit</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_2-1634713812240.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16500i304FC4004EA7AB79/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_2-1634713812240.png" alt="cheriemilk_2-1634713812240.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_1-1634713662087.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16499iC2AB0C31D0DDA594/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_1-1634713662087.png" alt="cheriemilk_1-1634713662087.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Expected Chart I want to get from splunk search:</P><P>1. combine the two queries into one. (by the way, baseQuery for the two queries in my scenario are&nbsp; same.)</P><P>2. combine the timeline chart and bar chart into one chart .&nbsp;</P><P>3. From the combined chart-&gt;on the bars, to display both CMN(customer Name) and hit count</P><P>&nbsp;</P><P>Here is an example chart I want(similar to below)</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_3-1634714193515.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16501iD07E4CB5AE1D0861/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_3-1634714193515.png" alt="cheriemilk_3-1634714193515.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>how to edit the query and format to achieve the expected chart?</P> Thu, 21 Oct 2021 06:06:45 GMT cheriemilk 2021-10-21T06:06:45Z https://community.splunk.com/t5/Splunk-Search/how-to-combine-time-chart-and-bar-chart-together/m-p/571596#M199177 <P>Hi team,</P><P>1. I have first query which return me below chart</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">&lt;baseQuery&gt; |timechart span=4w count(ACT) as countOfOpenSession, distinct_count(UID) as countOfUserID, distinct_count(CMN) as countOfCustomer</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_0-1634713532480.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16498i0303FF6143C9ACCF/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_0-1634713532480.png" alt="cheriemilk_0-1634713532480.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>2. then I have second query which return me below table and chart, which is for getting the CMN value which has highest hit value per month.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">&lt;baseQuery&gt; | stats count(ACT) as hit by date_month CMN | eventstats max(hit) as maxhit by date_month | where hit=maxhit | fields - maxhit</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_2-1634713812240.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16500i304FC4004EA7AB79/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_2-1634713812240.png" alt="cheriemilk_2-1634713812240.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_1-1634713662087.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16499iC2AB0C31D0DDA594/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_1-1634713662087.png" alt="cheriemilk_1-1634713662087.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Expected Chart I want to get from splunk search:</P><P>1. combine the two queries into one. (by the way, baseQuery for the two queries in my scenario are&nbsp; same.)</P><P>2. combine the timeline chart and bar chart into one chart .&nbsp;</P><P>3. From the combined chart-&gt;on the bars, to display both CMN(customer Name) and hit count</P><P>&nbsp;</P><P>Here is an example chart I want(similar to below)</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cheriemilk_3-1634714193515.png" style="width: 999px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/16501iD07E4CB5AE1D0861/image-size/large?v=v2&amp;px=999" role="button" title="cheriemilk_3-1634714193515.png" alt="cheriemilk_3-1634714193515.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>how to edit the query and format to achieve the expected chart?</P> Thu, 21 Oct 2021 06:06:45 GMT https://community.splunk.com/t5/Splunk-Search/how-to-combine-time-chart-and-bar-chart-together/m-p/571596#M199177 cheriemilk 2021-10-21T06:06:45Z