topic How to graph the rate from firewall logs with only start and end session messages ? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-graph-the-rate-from-firewall-logs-with-only-start-and-end/m-p/366024#M107972 <P>Hi,</P> <P>I have a network rate graph i build from my firewall logs with the timechart command:</P> <P>host=firewall_IP type=traffic | timechart sum(rcvdbyte) </P> <P>It works fine, except with very long sessions: because the firewall log is not packet-based but session-based, so for those sessions i only have a huge peak at the time of the session end, instead of a continuous line from the start to the end of the session.</P> <P>Is there a way to draw a chart which show a continuous rate between the session start and the end ?</P> <P>The messages (events) contain : session start time, session end time, session ID (unique), duration of session (in end message), cumulative bytes (in end message).</P> <P>thanks</P> Tue, 13 Feb 2018 10:24:40 GMT efourage 2018-02-13T10:24:40Z How to graph the rate from firewall logs with only start and end session messages ? https://community.splunk.com/t5/Splunk-Search/How-to-graph-the-rate-from-firewall-logs-with-only-start-and-end/m-p/366024#M107972 <P>Hi,</P> <P>I have a network rate graph i build from my firewall logs with the timechart command:</P> <P>host=firewall_IP type=traffic | timechart sum(rcvdbyte) </P> <P>It works fine, except with very long sessions: because the firewall log is not packet-based but session-based, so for those sessions i only have a huge peak at the time of the session end, instead of a continuous line from the start to the end of the session.</P> <P>Is there a way to draw a chart which show a continuous rate between the session start and the end ?</P> <P>The messages (events) contain : session start time, session end time, session ID (unique), duration of session (in end message), cumulative bytes (in end message).</P> <P>thanks</P> Tue, 13 Feb 2018 10:24:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-graph-the-rate-from-firewall-logs-with-only-start-and-end/m-p/366024#M107972 efourage 2018-02-13T10:24:40Z Re: How to graph the rate from firewall logs with only start and end session messages ? https://community.splunk.com/t5/Splunk-Search/How-to-graph-the-rate-from-firewall-logs-with-only-start-and-end/m-p/366025#M107973 <P>Bump, have the same question.</P> <P>We try to chart bytes over duration for a dedicated start time.<BR /> So the bytes have to be uniformley distributed in a time chart from start time + duration (as end time).</P> Tue, 11 Sep 2018 08:11:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-graph-the-rate-from-firewall-logs-with-only-start-and-end/m-p/366025#M107973 splk 2018-09-11T08:11:20Z