Hello Splunk Experts,
I am using the Squid Proxy dashboard, and the TA squid plugin, etc. Works well.
I notice the dashboard uses the "sourcetype=squid" to gather data. On the Splunk documentation for the proxy, the site suggests using the "squid:access;recommended" for the Squid Proxy TA plugin.
I have modified the inputs.conf file on my forwarder to use index=squid, and sourcetype=sqid, but I have the squid.conf file using the Splunk recommended log format - everything works.
My question is could we use this app to determine the bandwidth for a given time frame?
I see values: bytes, bytes_in (mostly = 181 for many events), and bytes_out.
Can any of these values provide information on total bandwidth or usages?
thanks,
eholz1
By "bandwidth" I assume you want some sort of bytes per second measurement? So, yes, both bytes in and bytes out would be very useful in this context. However, you would also need a couple of time fields, e.g. at least two out of three of start time of transmission, end time of transmission and duration of transmission.
Thanks for the reply, I see there are quite a lot of things that can be searched.
I also see time is a factor as well. I would like to be able to check, for a specific src_ip, assuming the user is doing a download - to sum the process, bytes_in, I would guess, and TCP breaks the total download into smaller pieces, etc. So I should be able to get the time of the download, and the total amount of bytes downloaded. Does that make sense?
Thanks again,
eholz1
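The per-client calculation discussed in this thread, written as a Splunk search (an added example, not from any of the posters or from the Squid app): it sums the byte fields for one client in 5-minute buckets and divides by the bucket length to get an average bytes-per-second figure. The index, sourcetype and field names are the ones mentioned in the posts above; the address 192.0.2.10, the 24-hour window and the 5-minute span are constructed values chosen for illustration, and the divisor 300 must be changed if the span is changed.

```spl
index=squid sourcetype=squid src_ip="192.0.2.10" earliest=-24h
| bin _time span=5m
| stats count AS requests
        sum(bytes) AS bytes_total
        sum(bytes_in) AS bytes_in
        sum(bytes_out) AS bytes_out
        min(_time) AS bucket_start
        BY _time src_ip
| eval avg_bytes_per_sec = round(bytes_total / 300, 1)
| eval mb_total = round(bytes_total / 1024 / 1024, 2)
| sort - bytes_total
| table _time src_ip requests bytes_in bytes_out bytes_total mb_total avg_bytes_per_sec
```

Comparing the bytes_in and bytes_out sums against a transfer of known size shows which of the two fields carries the download direction in this log format.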