I've read most (if not all) of the questions/answers related to getting an average count of hits per hour. I've experimented with some of the queries posted by fellow splunkers and for the most part they've worked when using small queries (i.e. charting the two fields Total Count and Average Count). However, I've concocted a somewhat lengthy search query that doesn't seem to work correctly when trying to find the Average Request Per Hour (AvgReqPerHour) column. Let me show you what I have here.
... | timechart span=1h count(status_code) AS Events, count(eval(status_code>=200 AND status_code<=206)) AS SuccessfulRequests, count(eval(status_code>=300 AND status_code<=307)) AS RedirectedRequests, count(eval(status_code>=400 AND status_code <=505)) AS FailedRequests, dc(user_agent) AS TotalUsers, sum(file_size) AS TotalData, avg(file_size) AS AvgDataPerHour, avg(Events) AS AvgReqPerHour, avg(seconds) AS AvgResponseTimeSec
So, this search should display some useful columns for finding web-related stats. It counts all status codes and gives the number of requests by column and gives me averages for data transferred per hour and requests per hour.
I hope someone else has done something similar and knows how to properly get the average requests per hour.
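An added example, not part of the original post: `timechart` aggregations read fields from the underlying events, so `avg(Events)` cannot see the `Events` column produced by the same command; one way to fill `AvgReqPerHour` is a second pass with `eventstats` over the hourly rows. All field names are taken from the post's query, and the leading `...` stands for the poster's base search.

```spl
... | timechart span=1h
        count(status_code) AS Events,
        count(eval(status_code>=200 AND status_code<=206)) AS SuccessfulRequests,
        count(eval(status_code>=300 AND status_code<=307)) AS RedirectedRequests,
        count(eval(status_code>=400 AND status_code<=505)) AS FailedRequests,
        dc(user_agent) AS TotalUsers,
        sum(file_size) AS TotalData,
        avg(file_size) AS AvgDataPerHour,
        avg(seconds) AS AvgResponseTimeSec
    | eventstats avg(Events) AS AvgReqPerHour
    | eval AvgReqPerHour=round(AvgReqPerHour, 2)
```

Every hourly row then carries the same `AvgReqPerHour` value, the mean of `Events` across all hours in the search window, which makes hours with an unusual request volume easy to compare against the baseline.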