Connecting two Timecharts - Splunk Community

Dashboards & Visualizations

I have this search in my Splunk

index="ssl" reportdiverted
| rex field=Date_Lane "(?......)"
| stats count by Lane
| lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
| sort Lane
| appendcols
[search index="ssl" sourcetype=csv |chart sum(Passagiers) by Lane | fields sum(People)]
| rename count as Total_Trays sum(People) as Total_People
| eval Image_Factor= round(Total_Trays/Total_People,2)
| table Lane Image_Factor

This works fine so i converted it to a timechart search:

index="ssl" reportdiverted
|rex field=Date_Lane "(?......)"
|lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
|eventstats count as Total_Events
|timechart span=1d count as Trays
|appendcols
[search index="ssl" sourcetype=csv |rex field=Date_Lane "(?......)" |timechart sum(People) as People| fields People]
|eval Image_Factor= round(Trays/People,2)

Now i want to count by Lane how do i integrate this with this search so i can get a timechart of image_factor by Lane (trays/people,2)

Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...