Solved: Each weekday's visitors broken down by hours

jason_hunsberge · ‎04-29-2014

I can get Splunk to show me that my weekday day of fewest visitors is Saturday for the last three months.

sourcetype=iis
| timechart span=1h dc(c_ip) as unique_ips
| eval hour_24 = strftime(_time, "%H")
| stats avg(unique_ips) by hour_24

I can also have Splunk show me that my hour of fewest visitors is 9p for the last three months.

sourcetype=iis
| timechart span=1d dc(c_ip) as unique_ips
| eval weekday = strftime(_time, "%w")
| stats avg(unique_ips) by weekday

What I would like to see is what the hour of fewest visitors is on all weekdays for the last three months. Is such a chart possible in Splunk? Ideally this would display in a timechart/linegraph format.

Any help would be appreciated in constructing the search strings.

martin_mueller · ‎04-29-2014

You can combine the two:

... | timechart span=1h ... | eval hour_24 ... | eval weekday ... | stats avg(unique_ips) by weekday hour_24

View solution in original post

martin_mueller · ‎04-29-2014

You can combine the two:

... | timechart span=1h ... | eval hour_24 ... | eval weekday ... | stats avg(unique_ips) by weekday hour_24

jason_hunsberge · ‎04-29-2014

perfect. thanks!

Each weekday's visitors broken down by hours

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor