Splunk Search

How to calculate Average and Peak day for last 3 months


Hi, Is there a simple query to calculate the average and peak day count for last 3 months? For example let's say 3 months are Feb, March, April what i am looking for is -

Average count per day for 3 months. I mean what is the average and peak in Feb then what is the average and peak in March etc.

index=temp_env sourcetype=access_combined 
| bucket _time span=1d
| stats count by _time
| stats avg(count) as AverageCountPerDay by date_month

The above query is not giving any results. Any ideas?

0 Karma

index=temp_env sourcetype=access_combined earliest=-4mon latest=@m
 | bucket _time span=1mon
 | stats count by _time
 | eval date_month=strftime(_time, "%b")
 | eval date_day=strftime(_time, "%a")
 | stats avg(count) as AverageCountPerDay max(count) AS Peak_Per_Month by date_month, date_day

Try this, it will give you the max peak per month and day along with the average count per day and month. It's got a 4 month look back so it may get expensive to run. You may want to consider using metasearch or tstats for faster search speeds

0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...