I am trying to build multiple area graphs on one chart, where my input is:
foo=blue
foo=purple
foo=red
foo=red
foo=red
foo=purple
And when I do a Splunk search, I would expect my search to be:
{get all logs} | top limit=0 "foo" | fields "foo" count
Where I would produce the following results:
red: 3
purple: 2
blue: 1
Now what I am seeking is to get this type of count by time, with all 3 different fields in ONE area graph.
Can someone please show me how to do this?