Answer by warren for How Can I Generate A Visualisation with Multiple Data Series In Splunk

I suspect you’re going to be most interested in timechart for this.

Something along the following lines may get you towards what you’re looking for:

index=ndx sourcetype=srctp Value=* TimeStamp=* %NStatus=* (Tag=SubstationA_T1_MW OR Tag=SubstationA_T2_MW) earliest=-2h
| eval _time=strptime(TimeStamp,"%m/%d/%Y %H:%M:%S.%N")
| timechart span=15m max(Value) as Value by Tag

timechart relies on the internal, hidden _time field (which is in Unix epoch time) – so if _time doesn’t match TimeStamp, you need the eval statement I added to convert from your TimeStamp to Unix epoch time in _time (which I’ve assumed is in mm/dd/yyyy format).

Also, go take the free, self-paced Splunk Fundamentals 1 class.

from User warren – Stack Overflow https://stackoverflow.com/questions/67304621/how-can-i-generate-a-visualisation-with-multiple-data-series-in-splunk/67317603#67317603
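
The eval + timechart pair from the answer, emulated in Python over constructed events to show the 15-minute bucketing, the per-Tag max, and what happens to a TimeStamp that is not in mm/dd/yyyy order. This is an added illustration, not part of warren's answer and not Splunk code; the sample events and the helper names `to_epoch` and `timechart_max` are made up, UTC is assumed, and Python's `%f` stands in for Splunk's `%N`.

```python
from collections import defaultdict
from datetime import datetime, timezone

FMT = "%m/%d/%Y %H:%M:%S.%f"  # Python's %f stands in for Splunk's %N (assumption)
SPAN = 15 * 60                # span=15m, in seconds

# Constructed sample events (not taken from the question's data).
EVENTS = [
    {"TimeStamp": "04/28/2021 10:01:12.250", "Tag": "SubstationA_T1_MW", "Value": "41.2"},
    {"TimeStamp": "04/28/2021 10:07:45.000", "Tag": "SubstationA_T1_MW", "Value": "43.9"},
    {"TimeStamp": "04/28/2021 10:03:30.500", "Tag": "SubstationA_T2_MW", "Value": "38.0"},
    {"TimeStamp": "04/28/2021 10:16:02.125", "Tag": "SubstationA_T1_MW", "Value": "40.1"},
    {"TimeStamp": "04/28/2021 10:29:59.999", "Tag": "SubstationA_T2_MW", "Value": "39.4"},
    # Day-first timestamp: does not match the mm/dd/yyyy format assumed above.
    {"TimeStamp": "28/04/2021 10:20:00.000", "Tag": "SubstationA_T2_MW", "Value": "99.9"},
]

def to_epoch(ts):
    """Stand-in for eval _time=strptime(TimeStamp, ...); None if the format does not match."""
    try:
        # UTC is assumed here so the result does not depend on the local timezone.
        return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc).timestamp()
    except ValueError:
        return None

def timechart_max(events, span=SPAN):
    """Stand-in for timechart span=15m max(Value) by Tag.

    Returns ({bucket_start_epoch: {Tag: max Value}}, count of unparsed events).
    """
    rows = defaultdict(dict)
    skipped = 0
    for ev in events:
        t = to_epoch(ev["TimeStamp"])
        if t is None:
            skipped += 1          # no usable time, so the event cannot be bucketed
            continue
        bucket = int(t // span) * span   # snap down to the start of the 15-minute bucket
        value = float(ev["Value"])
        rows[bucket][ev["Tag"]] = max(value, rows[bucket].get(ev["Tag"], value))
    return dict(sorted(rows.items())), skipped

if __name__ == "__main__":
    chart, skipped = timechart_max(EVENTS)
    for bucket, series in chart.items():
        print(datetime.fromtimestamp(bucket, timezone.utc).strftime("%H:%M"), series)
    print("events with unparsed TimeStamp:", skipped)
```
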