https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691322#M235413 <P>This is a little confusing. &nbsp;You are almost there:</P><LI-CODE lang="markup">index=web sourcetype=access_combined status=200 productId=* |timechart sum(price) as DailySales count as UnitsSold</LI-CODE><P>Is there something else we need to know?</P> Fri, 21 Jun 2024 18:13:17 GMT yuanliu 2024-06-21T18:13:17Z https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691320#M235411 <P>Stuck again and not sure what I'm missing... I have the first two steps, but cannot figure out the syntax to use Timechart to count all events as a specific label. Any help is greatly appreciated.&nbsp;</P> <P>The Task:&nbsp;&nbsp;Use timechart to calculate the sum of price as "DailySales" and all count all events as "UnitsSold".</P> <P>What I have so far:&nbsp;</P> <LI-CODE lang="markup">index=web sourcetype=access_combined status=200 productId=* |timechart sum(price) as DailySales</LI-CODE> Fri, 21 Jun 2024 23:34:28 GMT https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691320#M235411 Substance82 2024-06-21T23:34:28Z https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691322#M235413 <P>This is a little confusing. &nbsp;You are almost there:</P><LI-CODE lang="markup">index=web sourcetype=access_combined status=200 productId=* |timechart sum(price) as DailySales count as UnitsSold</LI-CODE><P>Is there something else we need to know?</P> Fri, 21 Jun 2024 18:13:17 GMT https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691322#M235413 yuanliu 2024-06-21T18:13:17Z https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691323#M235414 <P>Lol almost there, but a million miles away. I attempted something similar, but didn't fair well. Thanks a million.&nbsp; Still working through a few new modules, but learning more each day.&nbsp;</P> Fri, 21 Jun 2024 18:16:22 GMT https://community.splunk.com/t5/Splunk-Search/TimeChart-Syntax/m-p/691323#M235414 Substance82 2024-06-21T18:16:22Z