That search is now the answer so feel free to accept.

Thank you that is what i was looking for but I changed
|chart count over... to | chart count(Tickets) over...
Can you write an answer that I can vote?

Ok this are some samples how events look like:

Ticket: 2014040310140326 Day: 2014-04-03 TicketState: new
Ticket: 2014040310150426 Day: 2014-04-05 TicketState: closed

Out of such kinds of events I extract my fields like I discribed aboth.

Well, without sample data I'm stuck with guessing what your data looks like. If you'd post some samples...

I dont think thats possible in my case.

With the sourcetype = log i get a event list where each event accords to one Ticket. So each event has one Ticktnumber, a ticket state like (open,closed...) and a day. I have already extracted the fields "tickets" with all ticketnumbers, field "day" with all days, and field "ticketstate" with 4+ states. I think now i need to create a field "close" with all closed ticketnumbers and other fields for the other states. Then:

search with or without subsearches | chart count(open) count(close)... by day

as line chart

Hope that was a better explanation.

Something like this?

sourcetype=log additional filters go here | chart count over Tickets by Day