- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Created two panels with single value vizualisation on a dashboard displaying all traffic bytes inbound and outbound. Trying to convert the value to GB therefore need to divide it. Managed to get a search string that works on just a search, but doesn't display within the dashboard.
index="siem" sourcetype=proxy
| stats sum(bytes_out) | eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@nedwards94,
sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.
Try this
index="siem" sourcetype=proxy
| stats sum(bytes_out) as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
KB = bytes/1024
MB = bytes/(1024*1024) = bytes/1,048,576
GB = bytes/(1024*1024*1024) = bytes/1,073,741,824
There is a ~7% difference in volume using the binary values versus the straight decimal value (decimal rate will appear "higher")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah, how annoying just a tiny addition. Thank you so much!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@nedwards94,
sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.
Try this
index="siem" sourcetype=proxy
| stats sum(bytes_out) as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes
What goes around comes around. If it helps, hit it with Karma 🙂
