Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Connecting two Timecharts

Sebas91
New Member
‎07-04-2018 02:04 AM

I have this search in my Splunk

index="ssl" reportdiverted
| rex field=Date_Lane "(?......)"
| stats count by Lane
| lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
| sort Lane
| appendcols
[search index="ssl" sourcetype=csv |chart sum(Passagiers) by Lane | fields sum(People)]
| rename count as Total_Trays sum(People) as Total_People
| eval Image_Factor= round(Total_Trays/Total_People,2)
| table Lane Image_Factor

This works fine so i converted it to a timechart search:

index="ssl" reportdiverted
|rex field=Date_Lane "(?......)"
|lookup Lane_Name.CSV Lane as Lane OUTPUT Lane_name as Lane
|eventstats count as Total_Events
|timechart span=1d count as Trays
|appendcols
[search index="ssl" sourcetype=csv |rex field=Date_Lane "(?......)" |timechart sum(People) as People| fields People]
|eval Image_Factor= round(Trays/People,2)

Now i want to count by Lane how do i integrate this with this search so i can get a timechart of image_factor by Lane (trays/people,2)

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...