Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I create a line graph showing traffic over time?

geoffmx
Explorer
‎11-17-2017 04:27 AM

I am attempting to create a visualization showing outgoing traffic from my firewall showing the destination IPs and ports. I'm limiting the time range to 15 minutes or less. The goal is to get a picture of the kind of traffic going out of the network and where.

I've attempted to use Pivot but I'm not sure what to use as filters to get the desired output. Any suggestions?

Tags (1)
0 Karma
Reply

geoffmx
Explorer
‎11-17-2017 10:34 AM

Thanks niketnilay! It may take a while before I can get approvals to download and test out apps in my splunk cloud instance. So I have to ask... does any of these sort by ports? They seem to show node-to-node visualization. I'd like to see what traffic is going out to destination port 22, 25, 53, 80, and so on.

0 Karma
Reply

niketn
Legend
‎11-17-2017 11:43 AM

I have not used Afterglow myself, but the other two I can list the query output expectations

Network Topology - Custom Visualization, expects 5 columns which could be 

 <YourBaseSearch>
| table sourceHost sourcePort targetHost targetPort linkType

Sankey Custom Visualization expects stats like count, avg(bytes) for source and destination combination. It can have a circular dependency.

<YourBaseSearch>
| stats count, avg(bytes) by source destintion

If you have source and destination latitude and longitude, you can use Missile Map Visualization: https://splunkbase.splunk.com/app/3511/

So you can choose based on what data you can get from your logged events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

niketn
Legend
‎11-23-2017 08:31 PM

@geoffmx, in order to test and confirm whether these apps are good fit for your use case or not, you can try out these Apps on your local machine (may be monitor your home network traffic). These Apps come with built in examples as well.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

geoffmx
Explorer
‎11-25-2017 10:31 PM

Awesome! Thanks @niketnilay

0 Karma
Reply

niketn
Legend
‎11-26-2017 01:03 AM

@geoffmx, If you have tried the visualizations and have found any one working as per your use case, please remember to Accept my original answers and up vote and comments that helped.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

niketn
Legend
‎11-17-2017 09:15 AM

Try one of the following custom visualizations:

Network Topology - Custom Visualization: https://splunkbase.splunk.com/app/3762/
Afterglow App - https://splunkbase.splunk.com/app/277/
Sankey Custom Visualization - https://splunkbase.splunk.com/app/3112/

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...