@karn community would be able to assist you better if you provide more details as to what your current sparkline looks like and what is the data and Splunk query used.

Assuming you are having hourly sparkline. Following is a run anywhere example from Splunk's _internal index:

index=_internal sourcetype=splunkd log_level!=INFO
| stats sparkline(count,1h) as trend by component

In order to save the results of hourly stats. You need to breakdown the process in two parts:

Step 1: Send to outputlookup with hourly aggregate

index=_internal sourcetype=splunkd log_level!=INFO
| bin _time span=1h
| stats count by _time component
| outputlookup test.csv

Step 2: Get sum() of count per hour as sparkline. Use span as 1h for sparkline

| inputlookup test.csv
| stats sparkline(sum(count),1h) as trend by component

Please try out and confirm!