Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

i would like to get the total bandwidth used by a particular subnet in my network

ikaneng
New Member
‎12-17-2018 06:31 AM

i would like to get the total bandwidth used by a particular subnet in my network, please help, i am new in splunk,

Tags (1)
0 Karma
Reply

prakash007
Builder
‎12-17-2018 09:19 AM

we might need more details like how your field=values look like, and what's your sample search you started with.

0 Karma
Reply

ikaneng
New Member
‎12-18-2018 01:37 AM

hi prakash007, can you suggest a basic search that I can try out, totally new in this thing,

0 Karma
Reply

prakash007
Builder
‎12-18-2018 09:12 AM

@ikaneng: how's your raw data look like, we need more details to come up with a search...
If it's a ipv4 you can have this in your base search, you might have to use cidrmatch for ipv6...

e.g: index=index_name sourcetype=stype subnet_ip=10.0.0.1/24 | stats count, max(connsbyHost) as max_bandwidth, min(connsbyHost) as min_bandwidth, avg(connsbyHost) as avg_bandwidth BY Interface

go though this splunk docs for reference..
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Aggregatefunctions#max.28X.29
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/ConditionalFunctions#cidrmatch.28....

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...