index=MyApp earliest=-30d@d-14h | where (date_hour>=10 AND date_hour<22) | bucket _time span=1d | stats count by _time | sort - _time | append [ search index=MyApp earliest=-30d@d-2h | where(date_hour<10 or date_hour>=22) | eval _time=if(date_hour<10, _time-86400, _time) | bucket _time span=1d | stats count by _time | sort - _time]

I'm using the query above to generate a graph of the number of tickets for two different support staff shifts. One shift is from 10:00 AM through 10:00 PM. The other shift is from 10:00 PM to 10:00 AM. Ultimately, I want two line graphs of the number of tickets each staff gets (to compare against each other).

The graph however is not helpful. Is there a way that I can provide different colors for the lines? Also, the legend has a single entry - "Count". Is there a way to modify or change the legend? Finally, there appears to be a third line (I'm guessing an average??) that appears as well. I don't want that.

Thanks in advance.