I am not sure if this is the right way to do it or not, but I am trying to plot two searches on to a single timechart. I am able achieve it but I am not able to order them by action. I appreciate any help to solve this.
my search:
sourcetype=batch_data ACTION=* ACTION!="TRIAL_TO_SUB" STATUS="STARTED" | stats values(COUNT) as TotalCOUNT by ACTION,_time | append [search sourcetype=brm_batch_data ACTION=* ACTION!="TRIAL_TO_SUB" STATUS="FAILED" | stats count as failures by ACTION,_time] | timechart values(TotalCOUNT),values(failures) by ACTION
This is giving me all TotalCOUNT's folowed by failures. I want the two bars representing two bars represting an ACTION side by side. is there any way I can order them by ACTION.
Sorry if my question is confusing, I am not able to upload the graphic of the chart.