Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to achieve average number of events per unit of time in different days of the week?

bigll
Path Finder
‎05-09-2022 11:27 AM

Hi.

How I can compare load during the same time every day for business days?

I.e. time 11:oo AM - 7:00 PM on Monday, Tuesday -----, Friday
-----------------
Monday - 3200
Tuesday  - 3300
Wednesday - 5400
Thursday - 3200
Friday - 3100
--------------------

TIA

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-09-2022 12:24 PM

Here's one way to get the figures for business hours.

| tstats count where index=foo earliest=-7d by _time span=1h
```Get the day of the count```
| eval day=strftime(_time,"%A")
```Get the hour of the count```
| eval hour=strftime(_time,"%H")
```Discard counts on weekends.  Keep only those during business hours```.
| where ((NOT day IN ("Saturday", "Sunday")) AND (hour>=11 AND hour<19))
```Total by day```
| stats sum(count) as count by day

What do you mean by "compare"?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

bigll
Path Finder
‎05-10-2022 04:33 AM

Hi. Thank you for the reply. 
What I am trying to achieve is to see if let say number of request per server either much higher or much lower than typical load for the same time of the same day of the week.
I.e. a server team see CPU utilization spiked at 07:30 AM on Wednesday with no visible reason.
I would check if the number of connections in the same range as it was a week ago  at 07:30 AM on last Wednesday or traffic is higher and could cause CPU spike.

TIA.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...