@ITWhisperer 

I want two columns only but currently when I am selecting last 7 days its coming more that 7.

If I used dedup command its showing only 1

I want when I select last 7 days it should show only last 7 days

I am selecting last 7 days its showing 60 statistics .

query

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval True=if(searchmatch("ebnc event balanced successfully"),"✔","")
| eval EBNCStatus="ebnc event balanced successfully"
| table EBNCStatus True

PFA attached screenshot. 

I think you are mixing up rows and columns - you have 60 rows and 2 columns

What result are you expecting?

@ITWhisperer 

I have 60 events but I want when I select last 7 days from date drop down It should display only 7 results

If I select last 30 days it should display only 30 results.

current query

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval True=if(searchmatch("ebnc event balanced successfully"),"✔","")
| eval EBNCStatus="ebnc event balanced successfully"
| table EBNCStatus True

@ITWhisperer  can you please guide

Which  event do you want to use from each day, the first, the last, only those where searchmatch("ebnc event balanced successfully") is true, what do you want to do if none of the events from a particular day have searchmatch("ebnc event balanced successfully") equating to true?

This has been said many times before, you need to be clear what you are trying to achieve.

@ITWhisperer 

I don't want to do anything  if none of the events from a particular day have searchmatch

yes , I just want the events where searchmatch("ebnc event balanced successfully") is true.

But I want when I am selecting last 7 days it should show last 7 events only

1 event per day I want.

So if it would be last 7 days it will look something like this:(only 7 events)

EBNCStatus                                                                        true

ebnc event balanced successfully                      ✔

ebnc event balanced successfully                     ✔

ebnc event balanced successfully                     ✔

ebnc event balanced successfully                    ✔

ebnc event balanced successfully                      ✔

ebnc event balanced successfully                    ✔

ebnc event balanced successfully                   ✔

Given the initial search has the same criteria as the searchmatch, True will always be a tick, so you just need to dedup the days

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval True="✔"
| bin _time span=1d
| dedup _time
| eval EBNCStatus="ebnc event balanced successfully"
| table EBNCStatus True

@ITWhisperer 

I tried below query

index="600000304_d_gridgain_idx*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval True="✔"
| bin _time span=1d
| dedup _time
| eval EBNCStatus="ebnc event balanced successfully"
| table EBNCStatus True

When I am selecting last 7 days its showing 8 events instead of 7

Thanks @ITWhisperer  for this help