Hello Splunkers!!
Can you help me understand how I can compare the last week vs the last 3 hours of data in Splunk?
Previously I have compared the current week and the previous week of data by using the timewrap command, but last week vs 3 hours is creating confusion for me. Please provide me the solution and suggestion.
The screenshot below belongs to New Relic.
index=your_index ((earliest=@m-3h latest=@m) OR (earliest=@m-3w-3h latest=@m-3w))
| eval time=date_hour.":".date_minute
| chart count by time date_mday
@ITWhisperer I am confused by this timeframe:
((earliest=@m-3h latest=@m) OR (earliest=@m-1w-3h latest=@m-3w))
Can you please explain this?
And other than this, can we use the timewrap command approach?
Your initial search (the line that starts with index=) will normally be over a timeframe defined by the earliest and latest options either in the dashboard or timepicker if in search app.
This can be overridden by defining earliest and latest values as part of the search.
What this part is doing is overriding the timeframe with two timeframes, so events will be kept if they fall into either timeframe.
This has the advantage over the append approach that you used, because append uses a subsearch and is therefore limited in the number of events it can process.
@ITWhisperer Can we use "(earliest=@m-1w-3h latest=@m-1w)" in place of what you suggested below?
(earliest=@m-3w-3h latest=@m-3w)
I have changed 3w to 1w.
Yes, that should work (assuming your index retains data for that period).
@ITWhisperer Let me explore as suggested. I will let you know if any issue.
Thanks for your great help!!
@ITWhisperer Thanks for your reply on this. But that is not giving me the correct result.
Can we use this SPL ?
<my search> earliest=-7d@d latest=now
| multikv | eval ReportKey1="1 week before"
| append
[search <my search> earliest=-3h@h latest=now
| multikv | eval ReportKey2="3 hours"]
| timechart count(ReportKey1) count(ReportKey2) span=30m
Not really - with your search, your x-axis will be the time in epoch format i.e. full date and time, so your two lines will not overlap as you would like.
Your search is giving this kind of visualization. Can you please help correct this further?
What would you like to change about it?
@ITWhisperer Like the span on the x-axis would be 30 mins, as in the New Relic graph which I attached in my first screenshot.
The graphic you shared doesn't use a span of 30 minutes as there are multiple points within each 30 minute period across your 3 hour graph.
Do you want a point for each 30 minute period (span=30m) or a point for each minute?
@ITWhisperer I have used your suggested query. But here you can see the yellow-highlighted one, which is showing day 26 data as well as day 5 data. Here I want the last 7 days of data compared with the last 3 hours of data. I think we need to make some changes here: "(earliest=@m-3w-3h latest=@m-3w)". Please help me fix this.
26 is the 26th of the month - 5 is the 5th of the month - these are 3 weeks apart.
I am not sure what you are trying to compare - do you want the last 3 hours and the same time of day for a day 3 weeks ago or something else?
@ITWhisperer I want the last 3 hours and the same time for a day 1 week ago.
((earliest=@m-3h latest=@m) OR (earliest=@m-1w-3h latest=@m-1w))
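As an added example (not part of the thread), one way to get the overlay the New Relic chart shows: keep both windows with the OR'd time ranges above, tag each event by window, then shift the week-ago events forward by exactly 7 days so both lines fall into the same 30-minute buckets on one time axis. `index=your_index` is a placeholder, and `relative_time(now(), "@m-3h")` uses the same snap-to-minute boundary as the `earliest=@m-3h` clause.

```spl
index=your_index ((earliest=@m-3h latest=@m) OR (earliest=@m-1w-3h latest=@m-1w))
| eval period=if(_time >= relative_time(now(), "@m-3h"), "last 3 hours", "1 week ago")
| eval _time=if(period="1 week ago", _time + (7*86400), _time)
| timechart span=30m count by period
```

Use span=1m instead of span=30m for one point per minute, as discussed above. Adding 7*86400 seconds lines the two windows up exactly except across a daylight-saving change, where the week-ago line would land one hour off.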
@ITWhisperer Here I just want to compare the trend for the last three hours with the complete previous week.
Que: do you want the last 3 hours and the same time of day for a day 3 weeks ago?
Ans: No
So what do you expect to be measured by the x-axis?