Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Looking to count average connections per minute in seperate hour blocks

FC50
Path Finder
‎06-11-2021 08:10 AM

I'm looking to get a connections per minute search which breaks the results down by the hour. For example something like the following:

0900-1000  16.68

1000-1100   6.58

1100-1200  4.75

1200-1300  3.87

I have a search that works out the connections per minute average for a period of time:

index=cisco* product=ASA "AAA retrieved default group policy*" 
| timechart span=1m count
| stats avg(count) as avg_count | eval avg_count=round(avg_count,2)

Is there an easy way to adapt this so that i can search across today for example and have it return the many different values at different hours?

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-11-2021 09:27 AM 
index=cisco* product=ASA "AAA retrieved default group policy*" 
| timechart span=1m count
| bin span=1h _time
| stats avg(count) as avg_count by _time | eval avg_count=round(avg_count,2)

View solution in original post

Reply
Solved! Jump to solution

FC50
Path Finder
‎06-15-2021 02:50 AM

Awesome thanks, nice and simple

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-11-2021 09:27 AM 
index=cisco* product=ASA "AAA retrieved default group policy*" 
| timechart span=1m count
| bin span=1h _time
| stats avg(count) as avg_count by _time | eval avg_count=round(avg_count,2)
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...