How to find peak time and the low time of the requ...

balamv · ‎05-21-2018

Hi Team,
I like to find the peak time of the success requests (http_status=200) and also the least time of the requests (http_status=200) with the span of 1 hr. For example, if i search the web access log query for last 24 hours, it should be display 11 AM (PEAK TIME) and 9 PM (LEAST TIME) of the successful requests and also it should display the number of requests in the 11 AM, 9 PM span. please help

jconger · ‎05-22-2018

Something like this may work:

index=YOUR_INDEX sourcetype=YOUR_SOURCETYPE earliest=-24h@h latest=now http_status=200 | stats count by date_hour | eventstats max(count) as max min(count) as min | where count=max OR count=min | fields - max min

Here is an example using the _internal index:

index=_internal earliest=-24h@h latest=now | stats count by date_hour | eventstats max(count) as max min(count) as min | where count=max OR count=min | fields - max min

Resulting output from the above search:

alt text

niketn · ‎05-22-2018

@jconger small typo... | http_status=200 should be without pipe to add filter in the base search.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

jconger · ‎05-22-2018

@niketnilay noted and corrected - thanks!

How to find peak time and the low time of the requests with the span of every hour?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Are you a member of the Splunk Community?

How to find peak time and the low time of the requests with the span of every hour?

.conf25 Registration is OPEN!

Detecting Cross-Channel Fraud with Splunk

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside