Connecting two Timecharts - Splunk Community

Dashboards & Visualizations

I have this search in my Splunk

index="ssl" reportdiverted
| rex field=Date_Lane "(?......)"
| stats count by Lane
| lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
| sort Lane
| appendcols
[search index="ssl" sourcetype=csv |chart sum(Passagiers) by Lane | fields sum(People)]
| rename count as Total_Trays sum(People) as Total_People
| eval Image_Factor= round(Total_Trays/Total_People,2)
| table Lane Image_Factor

This works fine so i converted it to a timechart search:

index="ssl" reportdiverted
|rex field=Date_Lane "(?......)"
|lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
|eventstats count as Total_Events
|timechart span=1d count as Trays
|appendcols
[search index="ssl" sourcetype=csv |rex field=Date_Lane "(?......)" |timechart sum(People) as People| fields People]
|eval Image_Factor= round(Trays/People,2)

Now i want to count by Lane how do i integrate this with this search so i can get a timechart of image_factor by Lane (trays/people,2)

Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...