Solved: Graph of peak traffic measured by hour

karthy · ‎05-06-2011

I have an apache-like access log and would like to graph the traffic by hour. However, the graph I want is a graph of the number of requests pr. hour divided by 60*60 so that it is easy to identify the busy hour expressed in requests pr. seconds.

I assume I have to use bins or span, but I have been unsuccessful so far. Any hints?

David · ‎05-06-2011

If you're looking for the average per hour, I'd go this route:

YourSearch | timechart span=1h count as TotalRequests 
           | eval RequestsPerSecond = TotalRequests/3600

If you wanted to look at the actual busiest second, you could go for:

YourSearch | bucket _time span=1s 
           | stats count as RequestsPerSec by _time 
           | timechart span=1h avg(RequestsPerSec) Max(RequestsPerSec)

View solution in original post

David · ‎05-06-2011

If you're looking for the average per hour, I'd go this route:

YourSearch | timechart span=1h count as TotalRequests 
           | eval RequestsPerSecond = TotalRequests/3600

If you wanted to look at the actual busiest second, you could go for:

YourSearch | bucket _time span=1s 
           | stats count as RequestsPerSec by _time 
           | timechart span=1h avg(RequestsPerSec) Max(RequestsPerSec)

David · ‎05-10-2011

Excellent! I'm glad to hear it.

karthy · ‎05-10-2011

Thanks - works just right!

Graph of peak traffic measured by hour

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability