Re: How to obtain the highest daily traffic flow d...

flora123 · ‎08-19-2013

hi!
I want to get the highest daily traffic by day, so I try this as below

... | convert timeformat="%Y/%m/%d" ctime(_time) as Date | stats count as c by` Date,date_hour | sort 1 - c

But the num of sort can't use a variable

If I use this

... | convert timeformat="%Y/%m/%d" ctime(_time) as Date | stats count as c by Date,date_hour | stats max(c) as MAX by Date

I can't get the date_hour...

I want to get the result as..

Date  date_hour c
2013/8/13 15 100
2013/8/14 1  111
2013/8/15 6  91

Can someone help me find how to deal with it?

Thank you a lot. m(_ _)m

richnavis · ‎08-19-2013

...| stats max(c) as MAX Values(date_hour) by Date

flora123 · ‎08-19-2013

hi mavis.
Thanks for your advice.
but i want to get one highest hour by every day.just like the sample result.
Values will show all hour......thanks a lot~m(_ _)m

Ayn · ‎08-19-2013

Why not use timechart?

... | timechart span=1h count

flora123 · ‎08-19-2013

hi kristian.
I got it!Thank you very much~~!

flora123 · ‎08-19-2013

hi Ayn.
Thanks for your advice.
I've tried, but the result is not what I want.it show the count of every hour,but i just want to get the highest......thanks a lot~m(_ _)m

kristian_kolb · ‎08-19-2013

or a

... | eval Date = strftime(_time, "%Y/%m/%d")| top 1 date_hour by Date | fields - percent

/K

How to obtain the highest daily traffic flow data that hour

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Are you a member of the Splunk Community?

How to obtain the highest daily traffic flow data that hour

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code