List last one month peak traffic time

muniyappasamy_m · ‎07-15-2014

Hi,

Here is my query, It works fine for one day , but if i change the custom time like last one month data , then it is not showing last one month data, instead it show cumulative of intergers

i'm trying to get peak connections (connection/sec) for last one month.
Could any one please help me in this.

Stats comes for every 10 mins, so i divided/600 in order convert to seconds

index="rrs_interval_summary" HOST=*shsrrs*  | stats max(RRShttpConnections) as RRS_HTTP_CONNECTIONS by HOST |eval peak=RRS_HTTP_CONNECTIONS/600 |stats sum(peak) as peak

somesoni2 · ‎07-15-2014

If you're trying to get peak connection per second for a given period (a month in your case), simple use max without the "by HOST" clause.

index="rrs_interval_summary" HOST=*shsrrs*  | stats max(RRShttpConnections) as RRS_HTTP_CONNECTIONS |eval peak=RRS_HTTP_CONNECTIONS/600

somesoni2 · ‎07-15-2014

Stats is returning single value.

strive · ‎07-15-2014

But he wont be able to plot all points on chart.. Isn't there a limit of 1000 points.

ankireddy007 · ‎07-15-2014

Hi,

Do you want peak value in last 1 month by host? you can try like this (added by HOST at the end)

index="rrs_interval_summary" HOST=*shsrrs*  | stats max(RRShttpConnections) as RRS_HTTP_CONNECTIONS by HOST |eval peak=RRS_HTTP_CONNECTIONS/600 |stats sum(peak) as peak by HOST

or else you can try like below to know peak of all hosts

 stats sum(peak) as peak

List last one month peak traffic time

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)