Solved: How to combine my two searches into one bar graph?

JoshuaJohn · ‎08-08-2016

I scoured the internet, but came along a few different attempts and I tried, but the results were not what I was looking for.

Here are my searches:
1)

index=nitro_prod_pci_expenses "Calling translate" earliest=-1d@d latest=now | stats count as OrderCount

2)

index="nitro_prod_pci_email" INFO EmailType=Order_Confirmation earliest=-1d@d | stats count as OrderCount

I tried using appencols, but the result ended up being "1" or a different time showed both respective search results, but when I tried to visualize it into a piechart, one would completely overlay the other one, and when I tried with a bar graph, it would just be one large square.

Any Ideas?

somesoni2 · ‎08-08-2016

Try this

(index=nitro_prod_pci_expenses "Calling translate") OR ( index="nitro_prod_pci_email" INFO EmailType=Order_Confirmation ) | stats count by index | replace nitro_prod_pci_expenses with ExpenseOrderCount nitro_prod_pci_email with ConfirmationOrderCount

View solution in original post

somesoni2 · ‎08-08-2016

Try this

(index=nitro_prod_pci_expenses "Calling translate") OR ( index="nitro_prod_pci_email" INFO EmailType=Order_Confirmation ) | stats count by index | replace nitro_prod_pci_expenses with ExpenseOrderCount nitro_prod_pci_email with ConfirmationOrderCount

How to combine my two searches into one bar graph?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?