Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to calculate Average and Peak day for last 3 months

Shashank_87
Explorer
‎05-18-2020 07:01 AM

Hi, Is there a simple query to calculate the average and peak day count for last 3 months? For example let's say 3 months are Feb, March, April what i am looking for is -

Average count per day for 3 months. I mean what is the average and peak in Feb then what is the average and peak in March etc.

index=temp_env sourcetype=access_combined 
| bucket _time span=1d
| stats count by _time
| stats avg(count) as AverageCountPerDay by date_month

The above query is not giving any results. Any ideas?

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎05-18-2020 07:48 AM 
index=temp_env sourcetype=access_combined earliest=-4mon latest=@m
 | bucket _time span=1mon
 | stats count by _time
 | eval date_month=strftime(_time, "%b")
 | eval date_day=strftime(_time, "%a")
 | stats avg(count) as AverageCountPerDay max(count) AS Peak_Per_Month by date_month, date_day

Try this, it will give you the max peak per month and day along with the average count per day and month. It's got a 4 month look back so it may get expensive to run. You may want to consider using metasearch or tstats for faster search speeds

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...