Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to achieve average number of events per unit of time in different days of the week?

bigll
Path Finder
‎05-09-2022 11:27 AM

Hi.

How I can compare load during the same time every day for business days?

I.e. time 11:oo AM - 7:00 PM on Monday, Tuesday -----, Friday
-----------------
Monday - 3200
Tuesday  - 3300
Wednesday - 5400
Thursday - 3200
Friday - 3100
--------------------

TIA

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-09-2022 12:24 PM

Here's one way to get the figures for business hours.

| tstats count where index=foo earliest=-7d by _time span=1h
```Get the day of the count```
| eval day=strftime(_time,"%A")
```Get the hour of the count```
| eval hour=strftime(_time,"%H")
```Discard counts on weekends.  Keep only those during business hours```.
| where ((NOT day IN ("Saturday", "Sunday")) AND (hour>=11 AND hour<19))
```Total by day```
| stats sum(count) as count by day

What do you mean by "compare"?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

bigll
Path Finder
‎05-10-2022 04:33 AM

Hi. Thank you for the reply. 
What I am trying to achieve is to see if let say number of request per server either much higher or much lower than typical load for the same time of the same day of the week.
I.e. a server team see CPU utilization spiked at 07:30 AM on Wednesday with no visible reason.
I would check if the number of connections in the same range as it was a week ago  at 07:30 AM on last Wednesday or traffic is higher and could cause CPU spike.

TIA.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...