How do I create a line graph showing traffic over time?

geoffmx
Explorer

I am attempting to create a visualization showing outgoing traffic from my firewall showing the destination IPs and ports. I'm limiting the time range to 15 minutes or less. The goal is to get a picture of the kind of traffic going out of the network and where.

I've attempted to use Pivot but I'm not sure what to use as filters to get the desired output. Any suggestions?


geoffmx
Explorer

Thanks niketnilay! It may take a while before I can get approvals to download and test out apps in my Splunk Cloud instance. So I have to ask... do any of these sort by ports? They seem to show node-to-node visualization. I'd like to see what traffic is going out to destination ports 22, 25, 53, 80, and so on.


niketn
Legend

I have not used Afterglow myself, but for the other two I can list the query output expectations.

Network Topology - Custom Visualization expects 5 columns, which could be:

<YourBaseSearch>
| table sourceHost sourcePort targetHost targetPort linkType

Sankey Custom Visualization expects stats like count, avg(bytes) for source and destination combination. It can have a circular dependency.

<YourBaseSearch>
| stats count, avg(bytes) by source destination

If you have source and destination latitude and longitude, you can use Missile Map Visualization: https://splunkbase.splunk.com/app/3511/

So you can choose based on what data you can get from your logged events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
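As an added example that is not part of the thread (field names are assumed to follow the Splunk CIM Network Traffic model: src_ip, dest_ip, dest_port, bytes_out, action; the index name firewall is also an assumption), the first search builds the five-column table the Network Topology visualization expects, with one link per outbound source/destination/port combination and the port class carried in linkType; the second answers the original question directly with a per-destination-port line chart of outbound connections over the last 15 minutes.

```spl
index=firewall action=allowed earliest=-15m
| stats count AS connections sum(bytes_out) AS bytes BY src_ip dest_ip dest_port
| eval linkType=case(dest_port=22,"ssh", dest_port=25,"smtp", dest_port=53,"dns", dest_port=80,"http", dest_port=443,"https", true(),"other")
| eval sourcePort="any"
| rename src_ip AS sourceHost, dest_ip AS targetHost, dest_port AS targetPort
| table sourceHost sourcePort targetHost targetPort linkType

index=firewall action=allowed earliest=-15m
| timechart span=1m count BY dest_port limit=10 useother=t
```

Swap in your own sourcetype's field names if the firewall data is not CIM-normalized; the second search, rendered as a line chart, gives one series per destination port with the long tail folded into OTHER.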

niketn
Legend

@geoffmx, in order to test and confirm whether these apps are a good fit for your use case or not, you can try out these Apps on your local machine (maybe monitor your home network traffic). These Apps come with built-in examples as well.


geoffmx
Explorer

Awesome! Thanks @niketnilay


niketn
Legend

@geoffmx, if you have tried the visualizations and have found any one working as per your use case, please remember to accept my original answer and upvote the comments that helped.


niketn
Legend

Try one of the following custom visualizations:

Network Topology - Custom Visualization: https://splunkbase.splunk.com/app/3762/
Afterglow App: https://splunkbase.splunk.com/app/277/
Sankey Custom Visualization: https://splunkbase.splunk.com/app/3112/
