Hey Splunkers,

I want to create a graph or line chart that will show transaction total on a day vs day, week vs week, month vs month, quarter vs quarter.

the search i have started with is :

index=pfe_os_messages sourcetype="log4j" | head 10000 | rex "getSettle(?:Now|ment)Total.+?(?\d+)" | search settlement="*" | eval settlement = "$" . (settlement / 100)

Here is some example data: (scrubbed)

time - source - settlement - Raw

16:36.7 - log4j - $60 - invoice.AcquireInvoice (AcquireInvoice.foo) - getSettlementTotal(): 6000

16:36.7 log4j $60 invoice.AcquireInvoice (AcquireInvoice.foo) - getSettleNowTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice.foo) - getSettlementTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettlementTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettlementTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000

16:36.6 log4j $60 invoice.AcquireInvoice (AcquireInvoice. foo) - getSettleNowTotal(): 6000