Each log event has more than 1 transaction because we are logging a mini batch log events. So, for every 2 minutes a bunch of transactions are logged as single event. Below is a sample. In this case, how can I count a no of transactions like no. of Code and no. of minCode. If I do "timechart span=2m count" it gives each log event (contains multiple trans of mini batch logs) as 1. Please help me find the count of each transactions. Sample log event... 2021-05-11 21:36:33,634: {"level":"INFO","message":"COMMON_FIELDS - Code:1001 | Status:New | minCode:ABC"} {"level":"INFO","message":"COMMON_FIELDS - Code:1002 | Status:New | minCode:DEF"}{"level":"INFO","message":"COMMON_FIELDS - Code:1003 | Status:Modify | minCode:XYZ"}   2021-05-11 21:38:31,524: {"level":"INFO","message":"COMMON_FIELDS - Code:1011 | Status:New | minCode:RTY"} {"level":"INFO","message":"COMMON_FIELDS - Code:1012 | Status:New | minCode:HJK"}{"level":"INFO","message":"COMMON_FIELDS - Code:1013 | Status:Modify | minCode:VFR"}{"level":"INFO","message":"COMMON_FIELDS - Code:1014 | Status:New | minCode:KLO"}   The result I expect is something like this... using ==> | timechart span=2m count _time count 2021-05-11 21:26:00 3 2021-05-11 21:28:00 4   using ==> | timechart span=5m count _time count 2021-05-11 21:26:00 7   ... View more