Re: How to obtain the highest daily traffic flow d...

flora123 · ‎08-19-2013

hi!
I want to get the highest daily traffic by day, so I try this as below

... | convert timeformat="%Y/%m/%d" ctime(_time) as Date | stats count as c by` Date,date_hour | sort 1 - c

But the num of sort can't use a variable

If I use this

... | convert timeformat="%Y/%m/%d" ctime(_time) as Date | stats count as c by Date,date_hour | stats max(c) as MAX by Date

I can't get the date_hour...

I want to get the result as..

Date  date_hour c
2013/8/13 15 100
2013/8/14 1  111
2013/8/15 6  91

Can someone help me find how to deal with it?

Thank you a lot. m(_ _)m

richnavis · ‎08-19-2013

...| stats max(c) as MAX Values(date_hour) by Date

flora123 · ‎08-19-2013

hi mavis.
Thanks for your advice.
but i want to get one highest hour by every day.just like the sample result.
Values will show all hour......thanks a lot~m(_ _)m

Ayn · ‎08-19-2013

Why not use timechart?

... | timechart span=1h count

flora123 · ‎08-19-2013

hi kristian.
I got it!Thank you very much~~!

flora123 · ‎08-19-2013

hi Ayn.
Thanks for your advice.
I've tried, but the result is not what I want.it show the count of every hour,but i just want to get the highest......thanks a lot~m(_ _)m

kristian_kolb · ‎08-19-2013

or a

... | eval Date = strftime(_time, "%Y/%m/%d")| top 1 date_hour by Date | fields - percent

/K

How to obtain the highest daily traffic flow data that hour

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to obtain the highest daily traffic flow data that hour

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I