The timechart command will do that.
| tstats prestats=t count WHERE index=XXXXX C_TXN_A IN (1,2) C_TXN_B IN (1)
((C_TXN_C IN (1,2,3,5) AND C_TXN_D IN (5,6)) OR (NOT C_TXN_C IN (4,6) AND C_TXN_D IN (7,8)))
by _time span=1m
| timechart span=1m count
---
If this reply helps you, Karma would be appreciated.
