How to combine time chart and bar chart together

cheriemilk
Path Finder

Hi team,

1. I have a first query which returns the chart below:

<baseQuery>
|timechart span=4w count(ACT) as countOfOpenSession, 
                   distinct_count(UID) as countOfUserID, 
                   distinct_count(CMN) as countOfCustomer

cheriemilk_0-1634713532480.png

2. Then I have a second query which returns the table and chart below, which is for getting the CMN value that has the highest hit value per month.

<baseQuery>
| stats count(ACT) as hit by date_month CMN
| eventstats max(hit) as maxhit by date_month
| where hit=maxhit
| fields - maxhit

cheriemilk_2-1634713812240.png

cheriemilk_1-1634713662087.png

Expected chart I want to get from Splunk search:

1. Combine the two queries into one. (By the way, the baseQuery for the two queries in my scenario is the same.)

2. Combine the timeline chart and bar chart into one chart.

3. In the combined chart, on the bars, display both CMN (customer name) and hit count.

Here is an example of the chart I want (similar to below):

cheriemilk_3-1634714193515.png

How do I edit the query and format to achieve the expected chart?
