Hi, is there a simple query to calculate the average and peak day count for the last 3 months? For example, let's say the 3 months are Feb, March, April; what I am looking for is -
Average count per day for 3 months. I mean what is the average and peak in Feb, then what is the average and peak in March, etc.
index=temp_env sourcetype=access_combined
| bucket _time span=1d
| stats count by _time
| stats avg(count) as AverageCountPerDay by date_month
The above query is not giving any results. Any ideas?
index=temp_env sourcetype=access_combined earliest=-4mon latest=@m
| bucket _time span=1d
| stats count by _time
| eval date_month=strftime(_time, "%b")
| eval date_day=strftime(_time, "%a")
| stats avg(count) as AverageCountPerDay max(count) AS Peak_Per_Month by date_month, date_day
Try this, it will give you the max peak per month and day along with the average count per day and month. It's got a 4 month look back so it may get expensive to run. You may want to consider using metasearch or tstats for faster search speeds.
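
Added example, not part of the original thread: the first query returns nothing because "stats count by _time" keeps only _time and count, so date_month no longer exists when the second stats groups by it. One way to get the daily average and peak day per month is to rebuild the month from _time after the daily count; the field names daily_count, month and PeakDayCount and the three-whole-months window are choices made for this example.

```spl
index=temp_env sourcetype=access_combined earliest=-3mon@mon latest=@mon
| bin _time span=1d
| stats count AS daily_count BY _time
| eval month=strftime(_time, "%Y-%m")
| stats avg(daily_count) AS AverageCountPerDay max(daily_count) AS PeakDayCount BY month
```

Days with no events produce no row after the first stats, so they are left out of the average rather than counted as zero.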