Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit my search to find the average events per second for each day from the past week?

splunkrocks2014
Communicator
‎06-23-2017 01:30 PM

I am using the following query to calculate the average events per second

| tstats count where index=* groupby index, _time span=1s | stats avg(count) as AverageCountPerSec

However, the number is lower than one of the indexes. What did I miss? How to calculate the average events per second for each day from the past week?

Thanks.

0 Karma
Reply

somesoni2
Revered Legend
‎06-23-2017 03:08 PM

You want to calculate EPS for each index or for all? Also, you say each day of past week, so you expect 7 rows with showing average of each day of last week?

0 Karma
Reply

vasanthmss
Motivator
‎06-23-2017 01:34 PM

try this,

Average, 

| tstats count where index=* by  index _time span=1s | stats avg(count) as avg by _time

Overall, 

| tstats count where index=* by  _time span=1s

For index wise, 

| tstats count where index=* groupby index, _time span=1s | xyseries _time, index, count
V
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...