Very likely. On 4.3.2 you can't specify the span if you have multiple series. Its valid on 4.3.3 though.

This looks like there has been an enhancement was made in version 4.3. to have timechart automatically do what used to require the xyseries technique.

Odd. - the scenario listed is valid and works, though I distinctly remember this failing for me before..

index=_internal series=splunk* kbps > 0 eps > 0 | timechart span=1m avg(kbps) as throughput avg(eps) as load by series

gives the same results as this (apart from the legend)

same_base_search | bin_time span=1m | stats avg(kbps) as kbps avg(eps) as eps by series _time | eval s1="throughput load" | makemv s1 | mvexpand s1 | eval yval=case(s1=="throughput",kbps,s1=="load",eps) | eval chart_series=series+":"+s1 | xyseries _time,chart_series,yval | makecontinuous _time

If you did need a timechart, you would have to use something like this: http://docs.splunk.com/Documentation/Splunk/latest/User/ReportOfMultipleDataSeries

timechart help: http://docs.splunk.com/Documentation/Splunk/latest/User/ReportOfMultipleDataSeries

Ah - I thought you needed a timeseries ( based on the other question you linked.

You can have 2 stacked charts per time interval, if you use flashcharts, duplicate the Yaxis, and set the spacing to 0 and 0.5.

Anything more than 2 Y-axes and the bars overlap and it looks rubbish.

I'm guessing you have more than 2 servers though ...

Actually, it's very close to being that simple. I figured it out once I was able to stop multitasking with other things. The trick is to not use "timechart" but to use "chart" like this:

 index=data ComputerName=Server* source=WMI:Server_Memory | eval FreeGB=AvailableBytes/1024/1024/1024 | eval UsedGB=CommittedBytes/1024/1024/1024 | chart median(FreeGB) median(UsedGB) by ComputerName

Limiting the result set is definitely something we'll need to do, but that's got us well on the way. Thanks John.