Hi All,
I am using the below query to fetch my records:
index="abc*" sourcetype=600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "Server side call completed for Collateral with record count" | rex "Server side call completed for Collateral with record count:\s+(?<record>\d+)" | timechart span=1d values(record) AS RecordCount
I am getting records as below:
How can I separate them? Can someone guide me?
What do you want the output to look like?
Please re-share the raw events.
raw events:
2023-08-08 10:25:13.067 [INFO ] [Thread-3] CollateralProcessor - Server side call completed for Collateral with record count: 476
2023-08-08 09:56:03.777 [INFO ] [Thread-3] CollateralProcessor - Server side call completed for Collateral with record count: 18541701
I want to fetch both values.
Thanks for sharing the events.
You *are* collecting both values, but apparently you are unhappy with how the values are presented. Please describe or provide a mock-up of how you would like the values displayed and we'll try to find a way to accomplish that.
It looks like you are collecting both those values, but your timechart command
| timechart span=1d values(record) AS RecordCount
is collecting the individual values of those into the RecordCount field, giving you multiple values - do you want to add them together or something else?
| timechart span=1d sum(record) AS RecordCount
This will add them together.
I want to display both of them, e.g. on 08/02/2023 both values should be displayed.
But currently I am not able to make a bar chart for it, as two values are coming on one date.
Query:
index="abc*" sourcetype=600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "Server side call completed for Collateral with record count" | rex "Server side call completed for Collateral with record count:\s+(?<record>\d+)" | timechart span=1d values(record) AS RecordCount
I want them to come individually along with the date.
Are you saying you want 1 column for each record count for each day in your bar chart? If so, you need to provide a series for each of the rows. There is no need to do an aggregation with timechart.
You can do
...
| bin _time span=1d
| table _time record
which will give you a row per event, but you then need to understand how you want to show this.
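One way to turn "a row per event" into something a bar chart can render is to give each event of a day its own series name, so that a day with two completed calls becomes one row with two columns. The query below is an added example, not code posted by anyone in this thread; it keeps the index, sourcetype, source and rex pattern from the original question (with the duplicated source clause dropped) and assumes standard Splunk Enterprise SPL. The field names `run` and `series` are my own choice.

```spl
index="abc*" sourcetype=600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "Server side call completed for Collateral with record count"
| rex "Server side call completed for Collateral with record count:\s+(?<record>\d+)"
| bin _time span=1d
| sort 0 _time
| streamstats count AS run BY _time
| eval series="run_".run
| chart max(record) OVER _time BY series
```

`bin` truncates each event's timestamp to the day, `sort 0 _time` puts the events of a day in chronological order, and `streamstats count ... BY _time` numbers them 1, 2, 3 within that day, so `series` becomes `run_1`, `run_2` and so on. `chart ... OVER _time BY series` then produces one row per day and one column per run; with the two sample events from 2023-08-08 that is a single row with `run_1` = 18541701 (the 09:56 call) and `run_2` = 476 (the 10:25 call). Since every (_time, series) cell holds exactly one event, `max(record)` simply returns that event's count as a number, which is what a bar chart needs; `values(record)` would also work but yields a multivalue field. Days with fewer runs than the maximum get empty cells in the higher-numbered columns, which the chart renders as missing bars rather than zero-height ones.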