https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492214#M194308 <P>Thanks <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/126621">@Keysofsandiego</a> for your response but I am not really sure if i am looking this. So in simple terms what i want is a table with three columns -<BR /> 1. req_content<BR /> 2. Total count of this req_content (suppose in last 7 days)<BR /> 3. Peak hour count of this req_content (suppose in last 7 days).</P> <P>Mainly the 1st and 3rd column and even if we don't get total count that's okay. The thing is i need to generate a report every 2 weeks with top 100 most visited pages and their peak hour count so that performance test team can have the latest data.</P> Wed, 30 Sep 2020 02:22:37 GMT Shashank_87 2020-09-30T02:22:37Z https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492212#M194306 <P>Hi, I am working on a query to get the peak hour count of of the top 100 requested pages on my website and i want this together in a single table.<BR /> I have a below query which fetches my top 100 requested pages but what i want is their peak hour count as well alongside in a separate column.</P> <P>index=test sourcetype=access_combined requested_content="/*" NOT (images OR js OR css OR png OR gif OR json OR jpg OR woff OR eot OR ico OR ttf OR svg OR pdf OR php OR jpeg OR txt) status=200 <BR /> | stats count by req_content<BR /> | sort - count limit=100</P> <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/184221">@to4kawa</a> <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/182782">@Sukisen1981</a> <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a> - hey Guys any help here??</P> <P>What i am looking is something like this?</P> <P>req_content Totalcount PeakHourCount </P> <P>Please let me know if someone can help</P> Wed, 30 Sep 2020 02:22:27 GMT https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492212#M194306 Shashank_87 2020-09-30T02:22:27Z https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492213#M194307 <P>Hi Shashank_87, <BR /> I am not 100% sure if this is what you are looking for but check this run anywhere example... might get you started <BR /> Its basically your search just adding the max value (of the hourly count) for that day next to the count per hour. I think this is what you are looking for. </P> <PRE><CODE> index=_* sourcetype=splunkd_ui_access uri="/en-US/app/search/ops_dc_status/_current" | stats count as TotalHitsPerHour by date_hour, date_mday, uri | eventstats max(TotalHitsPerHour) as maxDailyCt by date_mday, uri | table date_hour, date_mday, uri, TotalHitsPerHour, maxDailyCt </CODE></PRE> <P>Or try this example filled out for your usecase. </P> <PRE><CODE>index=test sourcetype=access_combined requested_content="/*" NOT (images OR js OR css OR png OR gif OR json OR jpg OR woff OR eot OR ico OR ttf OR svg OR pdf OR php OR jpeg OR txt) status=200 | stats count as Totalcount by date_hour, date_mday, req_content | eventstats maxTotalcount as PeakHourCount by date_mday, req_content | table date_hour, date_mday, req_content, Totalcount, PeakHourCount | sort - count limit=100 </CODE></PRE> <P>happy splunking! <BR /> =)</P> Wed, 02 Oct 2019 17:42:00 GMT https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492213#M194307 Keysofsandiego 2019-10-02T17:42:00Z https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492214#M194308 <P>Thanks <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/126621">@Keysofsandiego</a> for your response but I am not really sure if i am looking this. So in simple terms what i want is a table with three columns -<BR /> 1. req_content<BR /> 2. Total count of this req_content (suppose in last 7 days)<BR /> 3. Peak hour count of this req_content (suppose in last 7 days).</P> <P>Mainly the 1st and 3rd column and even if we don't get total count that's okay. The thing is i need to generate a report every 2 weeks with top 100 most visited pages and their peak hour count so that performance test team can have the latest data.</P> Wed, 30 Sep 2020 02:22:37 GMT https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492214#M194308 Shashank_87 2020-09-30T02:22:37Z https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492215#M194309 <P>@to4kawa @Sukisen1981 @gcusello - hey Guys any help here??</P> Thu, 03 Oct 2019 08:58:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492215#M194309 Shashank_87 2019-10-03T08:58:40Z https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492216#M194310 <P>@Keysofsandiego Hey, let me know if you can help me with the query please.</P> Thu, 03 Oct 2019 12:24:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-calculate-peak-hour-count-along-with-requested-content/m-p/492216#M194310 Shashank_87 2019-10-03T12:24:29Z