Connecting two Timecharts - Splunk Community

Dashboards & Visualizations

I have this search in my Splunk

index="ssl" reportdiverted
| rex field=Date_Lane "(?......)"
| stats count by Lane
| lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
| sort Lane
| appendcols
[search index="ssl" sourcetype=csv |chart sum(Passagiers) by Lane | fields sum(People)]
| rename count as Total_Trays sum(People) as Total_People
| eval Image_Factor= round(Total_Trays/Total_People,2)
| table Lane Image_Factor

This works fine so i converted it to a timechart search:

index="ssl" reportdiverted
|rex field=Date_Lane "(?......)"
|lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
|eventstats count as Total_Events
|timechart span=1d count as Trays
|appendcols
[search index="ssl" sourcetype=csv |rex field=Date_Lane "(?......)" |timechart sum(People) as People| fields People]
|eval Image_Factor= round(Trays/People,2)

Now i want to count by Lane how do i integrate this with this search so i can get a timechart of image_factor by Lane (trays/people,2)

Get Updates on the Splunk Community!

Application management with Targeted Application Install for Victoria Experience

Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale" You know Splunk. You know Cisco. But have you seen ...