Archive

examples of searches to capture network thruput

Kendrick33
Explorer

Do you have any examples of searches capturing network thruput?

Tags (1)
0 Karma

Simeon
Splunk Employee
Splunk Employee

Splunk will track the top 10 inputs based on source and host. To retrieve that information, you could run the following search:

index=_internal source=*metrics.log* per_host_thruput | timechart sum(kb) by series

To increase the number of tracked inputs, you can set that in your limits.conf file for metrics tracking.

Genti
Splunk Employee
Splunk Employee

how about this:

index="_internal" source="*metrics.log*" per_host_thruput | timechart max(kbps) by series | addtotals
0 Karma

Kendrick33
Explorer

I am monitoring a cluster of servers and am trying to capture the network thruput by host. I know splunk has a basic one out of the box. Thrput_by_host(*). However, I would like to be able to pinpoint the thruput of each server. When I attempted to hone the search, I couldn't get any data back. For example

Thruput_by_host(*) | timechart span=24h avg(Thruput_by_host()) as AvgHostThruput, AvgHostThruput renders nothing.

0 Karma

Simeon
Splunk Employee
Splunk Employee

Your question is not very clear without any information about the data source (input).

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!