Solved: Creating a line graph that displays two sets of da... - Splunk Community

Splunk Search

I have two searches that give me two seperate line graphs. I would like to combine these two searches so that they appear on the one graph.

These are the two searches I currently run.
sourcetype=emc-sp sp="SP A" array="Array_xxx" | timechart span=2m avg(utilization)
sourcetype=emc-sp sp="SP B" array="Array_xxx" | timechart span=2m avg(utilization)

Im no sure if this has been answered previously but I couldn't find an answer that would help.

Cheers

1 Solution

Solution

Could this be something like it?

sourcetype=emc-sp sp="SP A" OR sp="SP B" array="Array_xxx" | timechart span=2m avg(utilization) by sp

Hope this helps,

Kristian

View solution in original post

Solution

Could this be something like it?

sourcetype=emc-sp sp="SP A" OR sp="SP B" array="Array_xxx" | timechart span=2m avg(utilization) by sp

Hope this helps,

Kristian

Thanks, its my first day of this and that worked exactly how I needed it too. I had played with the OR but didnt know about the 'by'
Cheers.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers, We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...