I need to report for each minute during a given month for numerous sources. My issue is dealing with missing transactions; exactly what I need to report on. If I use timechart span=1m count, I get the missing entries, but for only one source. If I include all sources I get all the data, but the source is where the count is.

_time...........................................srcA.....srcB
2016-01-01T00:00:00.000-0600.....0........4
2016-01-01T00:01:00.000-0600.....0........1
2016-01-01T00:02:00.000-0600.....0........3
2016-01-01T00:03:00.000-0600.....1........2
.

.

2016-01-31T23:56:00.000-0600.....0........3
2016-01-31T23:57:00.000-0600.....0........2
2016-01-31T23:58:00.000-0600.....0........0
2016-01-31T23:59:00.000-0600.....0........1

When what I want is, i think.....

source...._time................................................Count
srcA........2016-01-01T00:00:00.000-0600........0

srcA........2016-01-01T00:01:00.000-0600........0

srcA........2016-01-01T00:02:00.000-0600........0

srcA........2016-01-01T00:03:00.000-0600........1

.

.

srcA........2016-01-31T23:56:00.000-0600........0

srcA........2016-01-31T23:57:00.000-0600........0

srcA........2016-01-31T23:58:00.000-0600........0

srcA........2016-01-31T23:59:00.000-0600........0

srcB........2016-01-01T00:00:00.000-0600........4
srcB........2016-01-01T00:01:00.000-0600........1
srcB........2016-01-01T00:02:00.000-0600........3
srcB........2016-01-01T00:03:00.000-0600........2
.

.

srcB........2016-01-31T23:56:00.000-0600........3
srcB........2016-01-31T23:57:00.000-0600........2
srcB........2016-01-31T23:58:00.000-0600........0
srcB........2016-01-31T23:59:00.000-0600........3

If I use stats, I get only the counts when an event occurred. I thought I could use a subsearch to produce a template of times and 0 counts to merge with to fill in the missing rows, but the subsearch limit is 10500 rows and there are 44640 minutes in a 31 day month.

Any help is appreciated.