Solved: Converting bytes to GB or MB

pmac22 · ‎05-16-2019

Hey all, I was getting confused by some of the splunk answers for converting and couldn't figure out the eval portion of my query. Can someone shed some light on how I can convert the bytes_out field from my palo logs to MB and GB? Query below, thank you in advance!

index=pan_logs sourcetype=pan:traffic
| stats sum(bytes_out) AS bytes_out by user src_ip dest_ip
| where bytes_out>35000000
| sort - bytes_out

ddrillic · ‎05-16-2019

In the spirit of - | eval GB=kb/1024/1024

View solution in original post

pmac22 · ‎05-16-2019

Thanks guys. Worked like a charm! Here's my updated search...

index=pan_logs sourcetype=pan:traffic
| stats sum(bytes_out) AS bytes_out by user src_ip dest_ip
| where bytes_out>35000000
| eval MB_out=round(bytes_out/1024/1024,2)
| sort - MB_out

ddrillic · ‎05-16-2019

In the spirit of - | eval GB=kb/1024/1024

dmarling · ‎05-16-2019

@ddrillic You may want to convert your comment to an answer as it was basically the answer he needed. I just added a comment to make it more specific to his use case.

If this comment/answer was helpful, please up vote it. Thank you.

ddrillic · ‎05-16-2019

Sure thing @dmarling ; -)

dmarling · ‎05-16-2019

@ddrillic has it correct. bytes_out/1024 will get you kilobytes divide that by 1024 to get megabytes and divide that by 1024 to get gigabytes: | eval GB_out=bytes_out/1024/1024/1024 to get megabytes: | eval MB_out=bytes_out/1024/1024

If this comment/answer was helpful, please up vote it. Thank you.

pmac22 · ‎05-16-2019

That worked out great! Thanks guys!

Converting bytes to GB or MB

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...