Is there a way to create a Squid proxy visualizati...

All Apps and Add-ons

Ask a Question

Hello Members,

This is a great source of information and help. I am using the Splunk Add on for Squid Proxy.

I am getting data from the squid access log in the recommended splunk format. The dashboard that comes

with the install is find.

I am creating another dashboard based on that dashboard. I am monitoring bytes_in, bytes_out, and bytes.

It seems that the Splunk search for bytes is the total of bytes_in and bytes_out.

I am using a search that returns the sum of bytes_out using | status sum(bytes_out) for all src_ips. like this:

index=squid
| stats sum(bytes_out) as TotalBytes
| eval gigabytes=TotalBytes/1024/1024/1024
| table gigabytes

I do the same thing for "bytes" Is there some way I can create a visualization, using a single value viz,

so I can show bytes per time? Like x bytes / hour, maybe even one of those gauges? I would like to use a time picker with this as well - or a selectable span, etc Would the "timechart" allow me to do this?

Thanks so much,

eholz1

Get Updates on the Splunk Community!

Is there a way to create a Squid proxy visualization using a single value viz?

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation