Archive

Find peak time and the number of requests

New Member

Hi,
I want to find the peak time in a day and number of requests on that peak time.
I trying to use the following but with no luck regarding the peak time.

index=servers sourcetype=web
| eval timeformatted=strftime(time,"%H:%M:%S")
| bucket time span=1s
| stats count by time
| stats max(count) as max
requestspersecond
| table maxrequestspersecond timeformatted

Any idea on how to get the peak time correct?
thanks

0 Karma

SplunkTrust
SplunkTrust

HI @ricm ,

Can you please try this?

index=servers sourcetype=web | timechart count as requests_per_second span=1s | eventstats max(requests_per_second) as max_requests_per_second | where requests_per_second=max_requests_per_second | eval "Peak Time"=strftime(_time, "%d/%m/%Y %H:%M:%S %p")  | table "Peak Time" max_requests_per_second

Thanks

0 Karma

Champion

try this -
instead of
stats count by time|
stats max(count) as maxrequestspersecond
try to get this result in one line by using eventsats
eventstats max(count) as max
requestspersecond by time

0 Karma