Solved: peak day count for the day of the month and avg fo...

francly · ‎08-29-2021

Hi, I get the exactly same count for avg and peak, any issue with my query?

index=a sourcetype=ab earliest=-30d latest=now
 | bucket _time span=1mon
 | stats count by _time
 | eval date_month=strftime(_time, "%b")
 | eval date_day=strftime(_time, "%a")
 | stats avg(count) as AverageCountPerDay max(count) AS Peak_Per_Month by date_month, date_day

date_month date_day AverageCountPerDay Peak_Per_Month

Aug	Sun	82037650	82037650
Jul	Thu	4621995	4621995

ITWhisperer · ‎08-30-2021

| bin _time span=1d

View solution in original post

ITWhisperer · ‎08-29-2021

Bucket is setting each _time to the beginning of the month, stats is counting for that day so you are only getting one count for each month, so average and max are the same

francly · ‎08-30-2021

What is the query I should use?

ITWhisperer · ‎08-30-2021

| bin _time span=1d

peak day count for the day of the month and avg for the month

stats

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash