SPL

Most Active Day and Least Active Day for IIS Web Traffic

Description

Submitted by SplunkNinja

The following Splunk query will return the most active and the least active days for web traffic in an IIS environment:
sourcetype="iis"
| bucket span=1d _time
| top limit=1 _time
| eval Date=strftime(_time, "%m/%d/%Y")
| eval Metric="Most Active Date"
| append
    [ search sourcetype="iis"
    | bucket span=1d _time
    | rare limit=1 _time
    | eval Date=strftime(_time, "%m/%d/%Y")
    | eval Metric="Least Active Date" ]
| fields - _time, count, percent
| fields Metric, Date
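
A single-pass variant, added here as an example and not part of the original submission: it counts events per day once with stats and uses eventstats to mark the highest and lowest daily counts, so the data is not searched a second time by an appended subsearch. The field names max_count, min_count and Requests are chosen for this example; days that tie for the highest or lowest count each produce a row, and if only one day has events it is reported as the most active date.

```spl
sourcetype="iis"
| bucket span=1d _time
| stats count by _time
| eventstats max(count) as max_count, min(count) as min_count
| where count=max_count OR count=min_count
| eval Metric=case(count=max_count, "Most Active Date", count=min_count, "Least Active Date")
| eval Date=strftime(_time, "%m/%d/%Y")
| rename count as Requests
| table Metric, Date, Requests
```

As with the query above, days with no IIS events at all do not appear in the results, so the least active date is the quietest day that logged at least one request.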
