I too had the problem and I sorted it out using a simple trick. Instead of timechart or chart, use stats. For the time value, you can use the time extract command.

Note - Remember to select CumulativeTotal as chart overlay to better show the graph in your search panel.

Here is how you can achieve it -

index=<indexname> sourcetype=<sourcetypename> <<search string>>
| eval HourMinute=strftime(_time, "%m/%d %H%p")
| stats count(_raw) as count by HourMinute
| appendcols
    [search index=<indexname> sourcetype=<sourcetypename> <<search string>>
    | eval HourMinute=strftime(_time, "%m/%d %H%p")
    | stats count(_raw) as count by HourMinute
    | streamstats sum(count) as CumulativeTotal ]