Solved: Re: multiple search results on singlechart

ChhayaV · ‎09-13-2013

hi,

these are my searches

index=tm_idx host="audit" | timechart count by Process usenull="f"

index=tm_idx host="audit" ID=144 | timechart count by ID usenull="f"

I want to show result of these searches on a single chart

HiroshiSatoh · ‎09-13-2013

I think it is good if you use the append.

index=tm_idx host="audit" | timechart count by Process usenull="f"|append [search index=tm_idx host="audit" ID=144 | timechart count by ID usenull="f"]

View solution in original post

HiroshiSatoh · ‎09-13-2013

I think it is good if you use the append.

index=tm_idx host="audit" | timechart count by Process usenull="f"|append [search index=tm_idx host="audit" ID=144 | timechart count by ID usenull="f"]

zeroactive · ‎09-13-2013

Using "append" will give you a two charts side by side with the timeframe repeated. If you use "appendcols" instead, it will give you the results of both charts within one timeframe (overlapping instead of side by side).

multiple search results on singlechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation