https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297004#M40401 <P>I am attempting to create a visualization showing outgoing traffic from my firewall showing the destination IPs and ports. I'm limiting the time range to 15 minutes or less. The goal is to get a picture of the kind of traffic going out of the network and where.</P> <P>I've attempted to use Pivot but I'm not sure what to use as filters to get the desired output. Any suggestions?</P> Fri, 17 Nov 2017 12:27:58 GMT geoffmx 2017-11-17T12:27:58Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297004#M40401 <P>I am attempting to create a visualization showing outgoing traffic from my firewall showing the destination IPs and ports. I'm limiting the time range to 15 minutes or less. The goal is to get a picture of the kind of traffic going out of the network and where.</P> <P>I've attempted to use Pivot but I'm not sure what to use as filters to get the desired output. Any suggestions?</P> Fri, 17 Nov 2017 12:27:58 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297004#M40401 geoffmx 2017-11-17T12:27:58Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297005#M40402 <P>Try one of the following custom visualizations:</P> <P>Network Topology - Custom Visualization: <A href="https://splunkbase.splunk.com/app/3762/">https://splunkbase.splunk.com/app/3762/</A><BR /> Afterglow App - <A href="https://splunkbase.splunk.com/app/277/">https://splunkbase.splunk.com/app/277/</A><BR /> Sankey Custom Visualization - <A href="https://splunkbase.splunk.com/app/3112/">https://splunkbase.splunk.com/app/3112/</A></P> Fri, 17 Nov 2017 17:15:07 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297005#M40402 niketn 2017-11-17T17:15:07Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297006#M40403 <P>Thanks niketnilay! It may take a while before I can get approvals to download and test out apps in my splunk cloud instance. So I have to ask... does any of these sort by ports? They seem to show node-to-node visualization. I'd like to see what traffic is going out to destination port 22, 25, 53, 80, and so on.</P> Fri, 17 Nov 2017 18:34:13 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297006#M40403 geoffmx 2017-11-17T18:34:13Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297007#M40404 <P>I have not used <CODE>Afterglow</CODE> myself, but the other two I can list the query output expectations</P> <P>Network Topology - Custom Visualization, expects 5 columns which could be </P> <PRE><CODE> &lt;YourBaseSearch&gt; | table sourceHost sourcePort targetHost targetPort linkType </CODE></PRE> <P><CODE>Sankey Custom Visualization</CODE> expects stats like count, avg(bytes) for source and destination combination. It can have a circular dependency.</P> <PRE><CODE>&lt;YourBaseSearch&gt; | stats count, avg(bytes) by source destintion </CODE></PRE> <P>If you have source and destination latitude and longitude, you can use <CODE>Missile Map</CODE> Visualization: <A href="https://splunkbase.splunk.com/app/3511/">https://splunkbase.splunk.com/app/3511/</A></P> <P>So you can choose based on what data you can get from your logged events.</P> Fri, 17 Nov 2017 19:43:33 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297007#M40404 niketn 2017-11-17T19:43:33Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297008#M40405 <P>@geoffmx, in order to test and confirm whether these apps are good fit for your use case or not, you can try out these Apps on your local machine (may be monitor your home network traffic). These Apps come with built in examples as well.</P> Fri, 24 Nov 2017 04:31:44 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297008#M40405 niketn 2017-11-24T04:31:44Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297009#M40406 <P>Awesome! Thanks @niketnilay</P> Sun, 26 Nov 2017 06:31:31 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297009#M40406 geoffmx 2017-11-26T06:31:31Z https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297010#M40407 <P>@geoffmx, If you have tried the visualizations and have found any one working as per your use case, please remember to Accept my original answers and up vote and comments that helped.</P> Sun, 26 Nov 2017 09:03:30 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-do-I-create-a-line-graph-showing-traffic-over-time/m-p/297010#M40407 niketn 2017-11-26T09:03:30Z