hi i'm new to splunk, need help to write a query to get records and create a chart based on that . I am trying to combine 4 searches into one. all searches from same index and same source. 1. index=eventviewer sourcetype=applicationlog "#firsttry success" 2. index=eventviewer sourcetype=applicationlog "#firsttry failed" 3. index=eventviewer sourcetype=applicationlog "#secondtry success" 4. index=eventviewer sourcetype=applicationlog "#secondtry failed" logic in the log is im trying to upload files into db with 2 tries. Records failed in #firsttry will pushed again with #secondtry. firsttry faild count = #secondtry success count + #secondtry failed count. i needs to display a time chart by date in x axis and all the search count in y axis . Table should be like below _time | TOTALCOUNT |SUCCESS#1 |FAILED#1 |SUCCESS#2 |FAILED#2 2018-03-29 | 100 | 80 | 20 | 15 | 5 2018-03-30 | 60 |50 |10 |7 | 3 wanted to create chart to show all the 5 counts should display next to one another, when i click any one of the column in the chart it should display the correct events filtered by date. please help on this thanks in advance ... View more