https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111175#M29127 <P>I know this is an old question....would it be possible to get a few example events for each data set? I have an idea of how to do this, but need to see some events to make sure</P> Thu, 16 Apr 2015 20:45:15 GMT fourkidsco 2015-04-16T20:45:15Z https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111174#M29126 <P>I am trying to create a histogram with two data sets that share the x-axis. I can do it for each data set but can not get the sets onto a common x-axis.</P> <P>Example search for one histogram: </P> <PRE><CODE>source=*logs* earliest="10/13/2014:00:00:00" | rex "(?i)method.*=\s(?P&lt;method1_time&gt;\\d+)" |bucket method1_time span=100| chart count by method1_time </CODE></PRE> <P>How do I add method2_time to a unified x-axis?</P> Wed, 12 Nov 2014 02:36:04 GMT https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111174#M29126 motobeats 2014-11-12T02:36:04Z https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111175#M29127 <P>I know this is an old question....would it be possible to get a few example events for each data set? I have an idea of how to do this, but need to see some events to make sure</P> Thu, 16 Apr 2015 20:45:15 GMT https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111175#M29127 fourkidsco 2015-04-16T20:45:15Z https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111176#M29128 <P>Sorry to take so long but here is an example of the events in the log. Haven't looked at this one in a while but would still like to be able to do this (two data sets on the same x-axis for a histogram)</P> <P>2014-12-07 16:36:12,393 method1 - method time(ms) = 14714<BR /> 2014-12-07 16:36:14,643 method2 - method time(ms) = 12652</P> Thu, 25 Jun 2015 19:36:06 GMT https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111176#M29128 motobeats 2015-06-25T19:36:06Z https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111177#M29129 <P>Got the answer from fourkidsco</P> <PRE><CODE> I'm going to give this one a shot in the absence of any data examples...which means it may not work. I am assuming that the method2_time is extracted from the same events as method1_time? (This was unclear) If method1_time and method2_time are extracted from the same events, I would suggest extracting 2 things here instead of one: rather than extract the time to "method1_time" and "method2_time", just extract it to "method_time". Add another extraction to get the "method_type" (type 1 or type 2). Now do the following: ...| chart count over method_time span=100 by method_type That should give you a single histogram with 2 bars per bucket, one each for type 1 and type 2. This may not work if the data is substantially different from what I had assumed it was. </CODE></PRE> <P>This worked well for me. Query I used was:</P> <PRE><CODE>source=*logs* earliest="10/13/2014:00:00:00" | rex "(?i)method.*=\s(?P&lt;method_time&gt;\\d+)" |search method_time=*|rex "(?i)java.class.signature*-\s(?P&lt;method_name&gt;\w+)\("|search method_name=get*|bucket method_time span=100|chart count over method_time by method_name </CODE></PRE> Thu, 25 Jun 2015 20:40:43 GMT https://community.splunk.com/t5/Splunk-Search/Dual-Histogram/m-p/111177#M29129 motobeats 2015-06-25T20:40:43Z