Answers for "How do I perform count logic on all entries for a specific line?"
https://answers.splunk.com/answers/479164/how-do-i-perform-count-logic-on-all-entries-for-a.html
The latest answers for the question "How do I perform count logic on all entries for a specific line?"
Answer by sundareshr
https://answers.splunk.com/answering/478319/view.html
How about this. I am assuming `given_day=today()`
```
... | eval e_closed=strptime(Closed, "%Y-%m-%d %H:%M:%S")
| eval given_day=relative_time(now(), "@d")
| eval o_count=if(_time<=given_day, 1, 0)
| eval c_count=if(e_closed<=given_day, 1, 0)
| timechart span=1d sum(o_count) as opened sum(eval(if(c_count=1 AND o_count=1, 1, 0))) as closed
```
Thu, 01 Dec 2016 13:06:02 GMT
sundareshr