Community
Splunk Answers
Splunk Administration
Deployment Architecture
Getting Data In
Installation
Security
Knowledge Management
Monitoring Splunk
Using Splunk
Splunk Search
Dashboards & Visualizations
Splunk Dev
Alerting
Reporting
Other Usage
Splunk Platform Products
Splunk Enterprise
Splunk Cloud Platform
Splunk Data Stream Processor
Splunk Data Fabric Search
Splunk Premium Solutions
News & Education
Blog & Announcements
Community Blog
Product News & Announcements
Practitioner Resources
Adoption Boards
Community Office Hours
Splunk Tech Talks
Great Resilience Quest
Training & Certification
Training + Certification Discussions
Training & Certification Blog
Community Lounge
Getting Started
Welcome
Feedback
SplunkTrust
User Groups
Splunk Love
Apps and Add-ons
All Apps and Add-ons
User Groups
Resources
SplunkBase
Developers
Documentation
Splunk Ideas
Sign In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
All community
Knowledge base
Maickeen
Users
Products
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Ask a Question
About Maickeen
Maickeen
Engager
Member since:
03-22-2022
03-23-2022
Community Statistics
Posts
1
Solutions
0
Karma Given
1
Karma Received
0
Member Since
22-03-2022
View all badges
Activity Feed
Karma
Re: How can i combine two timechart query extracting the difference ?
for somesoni2.
03-22-2022
08:45 AM
Posted
How to combine two timechart query that extract the difference ?
on
Splunk Search
.
03-22-2022
08:13 AM
Topics I've Started
Subject
Karma
Author
Latest Post
How to combine two timechart query that extract th...
Splunk Search
0
Maickeen
03-22-2022
08:22 AM
by
somesoni2
View All
Topics Maickeen has Participated In
Topics Maickeen has Participated In
Latest Contributions by Maickeen
Re: How can i combine two timechart query extracti...
by
somesoni2
in
Splunk Search
03-22-2022
08:22 AM
1 Karma
03-22-2022
08:22 AM
1 Karma
Try like this (index=iks) "Procces started" OR "Procces finished" | eval type=if(searchmatch("Procces started"),"Process_Started","Process_Finished") | timechart count span=1d by type | eval differenc=Process_Started-Process_Finished
... View more
Contact Me
Online Status
Offline
Date Last Visited
03-23-2022
10:22 AM
Karma given to
User
Karma Count
somesoni2
1
View All