Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Peak Day of the Month

WanLohnston
Explorer
‎04-04-2024 03:28 AM

Hi all, 

I was wondering if there's a way to create a search that I can add to a dashboard that'll present the Peak day and what the volume is over a 30 day period? 

Essentially when loading into the dashboard I was hoping it could save whatever day it occurred and not be replaced until a larger peak occurs. Assuming that's even possible. 

Possibly worded this poorly so feel free to ask any questions about what I'm trying to achieve. 

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-04-2024 03:33 AM

This is a little vague so I will make some assumptions.

Assuming you want a daily count of events, and just keep the highest one, you could do this

| bin _time span=1d
| stats count by _time
| eventstats max(count) as max
| where count==max
0 Karma
Reply

WanLohnston
Explorer
‎04-04-2024 03:36 AM

Yeah my sincerest apologies, can have difficulties at times with accurately describing what I'm looking for. 

I'll definitely checkout the below query. 

But essentially I'm just looking for a date value and request value to not change day to day unless the request value is higher on a different date value. Hopefully that's a more accurate description. 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...