Hi, I am working on a query to get the peak hour count of the top 100 requested pages on my website, and I want this together in a single table.
I have the query below, which fetches my top 100 requested pages, but what I want is their peak hour count as well, alongside in a separate column.
index=test sourcetype=access_combined requested_content="/*" NOT (images OR js OR css OR png OR gif OR json OR jpg OR woff OR eot OR ico OR ttf OR svg OR pdf OR php OR jpeg OR txt) status=200
| stats count by req_content
| sort - count limit=100
What I am looking for is something like this:
req_content Totalcount PeakHourCount
Please let me know if someone can help
I am not 100% sure if this is what you are looking for but check this run anywhere example... might get you started
It's basically your search, just adding the max value (of the hourly count) for that day next to the count per hour. I think this is what you are looking for.
index=_* sourcetype=splunkd_ui_access uri="/en-US/app/search/ops_dc_status/_current" | stats count as TotalHitsPerHour by date_hour, date_mday, uri | eventstats max(TotalHitsPerHour) as maxDailyCt by date_mday, uri | table date_hour, date_mday, uri, TotalHitsPerHour, maxDailyCt
Or try this example filled out for your use case.
index=test sourcetype=access_combined requested_content="/*" NOT (images OR js OR css OR png OR gif OR json OR jpg OR woff OR eot OR ico OR ttf OR svg OR pdf OR php OR jpeg OR txt) status=200 | stats count as Totalcount by date_hour, date_mday, req_content | eventstats max(Totalcount) as PeakHourCount by date_mday, req_content | table date_hour, date_mday, req_content, Totalcount, PeakHourCount | sort - Totalcount limit=100
Thanks @Keysofsandiego for your response, but I am not really sure if this is what I am looking for. So in simple terms, what I want is a table with three columns -
2. Total count of this req_content (suppose in last 7 days)
3. Peak hour count of this req_content (suppose in last 7 days).
Mainly the 1st and 3rd columns, and even if we don't get the total count that's okay. The thing is, I need to generate a report every 2 weeks with the top 100 most visited pages and their peak hour count so that the performance test team can have the latest data.
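One way to produce the three-column table described above, as an added example that is not part of the original thread: count hits per page per hour first, then collapse to one row per page with the sum and the maximum of those hourly counts. The base search is copied from the question; the `earliest=-7d` window and the `HourCount` field name are assumptions.

```spl
index=test sourcetype=access_combined earliest=-7d requested_content="/*" NOT (images OR js OR css OR png OR gif OR json OR jpg OR woff OR eot OR ico OR ttf OR svg OR pdf OR php OR jpeg OR txt) status=200
| bin _time span=1h
| stats count as HourCount by req_content, _time
| stats sum(HourCount) as Totalcount, max(HourCount) as PeakHourCount by req_content
| sort 100 - Totalcount
| table req_content, Totalcount, PeakHourCount
```

Bucketing on `_time` keeps each calendar hour separate, so PeakHourCount is the busiest single hour in the window rather than the same clock hour summed across days.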