topic Re: highest event count in given time frame per seconds in Splunk Search https://community.splunk.com/t5/Splunk-Search/highest-event-count-in-given-time-frame-per-seconds/m-p/529849#M149676 <LI-CODE lang="markup">... | bin span=1s _time | stats count by _time | stats max(count) as "winner winner chicken dinner"</LI-CODE><P>That's probably your basic need right there.&nbsp; Change "span=..." to whatever you need.&nbsp; 'count' is probably what you want to use for the counts, but the peak rates - you don't tell us how those even might be calculated. It might be "max(fieldname)" or something else.&nbsp;</P><P>Note, I think by second probably isn't gonna be a very fast thing to do over a longer period of time.&nbsp; There are 86,400 if those it'll calculate every day...</P><P>Report acceleration may help, and/or building a data model and accelerating that.&nbsp; Or using tstats if they're indexed fields you are fiddling with.&nbsp; Lastly, this might actually be a good use for using a summary index.</P><P>All of those things are easily able to be found with a search of (using google syntax, but I think most search engines follow that?) 'Splunk report acceleration site:docs.splunk.com' (obviously, change the keywords in there).</P><P>Happy Splunking,</P><P>Rich</P> Wed, 18 Nov 2020 02:38:30 GMT Richfez 2020-11-18T02:38:30Z highest event count in given time frame per seconds https://community.splunk.com/t5/Splunk-Search/highest-event-count-in-given-time-frame-per-seconds/m-p/529810#M149671 <P><SPAN>I'm trying to do the following search based on my index 'transactions' and field name called 'customers' for a custom time range</SPAN></P><P>&nbsp;</P><P><SPAN>Top 10 highest historical peak rates averaged over the following intervals (1 sec, 10 sec, 60 sec, 5 min)</SPAN></P><P><SPAN>Top 10 highest daily transaction counts</SPAN></P> Tue, 17 Nov 2020 19:25:34 GMT https://community.splunk.com/t5/Splunk-Search/highest-event-count-in-given-time-frame-per-seconds/m-p/529810#M149671 ronport2020 2020-11-17T19:25:34Z Re: highest event count in given time frame per seconds https://community.splunk.com/t5/Splunk-Search/highest-event-count-in-given-time-frame-per-seconds/m-p/529849#M149676 <LI-CODE lang="markup">... | bin span=1s _time | stats count by _time | stats max(count) as "winner winner chicken dinner"</LI-CODE><P>That's probably your basic need right there.&nbsp; Change "span=..." to whatever you need.&nbsp; 'count' is probably what you want to use for the counts, but the peak rates - you don't tell us how those even might be calculated. It might be "max(fieldname)" or something else.&nbsp;</P><P>Note, I think by second probably isn't gonna be a very fast thing to do over a longer period of time.&nbsp; There are 86,400 if those it'll calculate every day...</P><P>Report acceleration may help, and/or building a data model and accelerating that.&nbsp; Or using tstats if they're indexed fields you are fiddling with.&nbsp; Lastly, this might actually be a good use for using a summary index.</P><P>All of those things are easily able to be found with a search of (using google syntax, but I think most search engines follow that?) 'Splunk report acceleration site:docs.splunk.com' (obviously, change the keywords in there).</P><P>Happy Splunking,</P><P>Rich</P> Wed, 18 Nov 2020 02:38:30 GMT https://community.splunk.com/t5/Splunk-Search/highest-event-count-in-given-time-frame-per-seconds/m-p/529849#M149676 Richfez 2020-11-18T02:38:30Z