Find peak 10-minute traffic window per day
Problem / use case
You want to track system reliability by identifying, for each day, the specific 10-minute time window that experienced the highest number of ERROR logs. This helps pinpoint the most critical time periods for troubleshooting.
Query
source logs
| filter $m.severity == ERROR
| groupby $m.timestamp / 10m as bucket.ts count() as bucket.count
| groupby bucket.ts / 1d as day max_by(bucket.count, bucket) as bucket
| choose day.formatTimestamp('%d-%m-%Y') as day, bucket.count as count, bucket.ts.formatTimestamp('%d-%m-%Y %H:%M') as ts
Expected output
| day | count | ts |
|---|---|---|
| 23-05-2025 | 5813 | 23-05-2025 10:40 |
| 22-05-2025 | 4517 | 22-05-2025 10:50 |
| 20-05-2025 | 2047 | 20-05-2025 15:40 |
| 21-05-2025 | 4774 | 21-05-2025 11:10 |
| 24-05-2025 | 2743 | 24-05-2025 11:10 |
| 25-05-2025 | 3332 | 25-05-2025 11:20 |
| 26-05-2025 | 3558 | 26-05-2025 11:50 |
| 27-05-2025 | 3374 | 27-05-2025 11:00 |
Variations
- Change the alert_severity to 'WARNING' or another level for different insights.
- Adjust
10mto another duration like5mor30mdepending on your granularity needs. - Include additional grouping fields like
service_nameto break down by component.
Previous 
Summarize container restarts
Summarize container restarts Next Parsing date strings
Theme 
Light
light
dark
Light light dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal