Dashboards & Visualizations

How do I create a line graph showing traffic over time?

geoffmx
Explorer

I am attempting to create a visualization showing outgoing traffic from my firewall showing the destination IPs and ports. I'm limiting the time range to 15 minutes or less. The goal is to get a picture of the kind of traffic going out of the network and where.

I've attempted to use Pivot but I'm not sure what to use as filters to get the desired output. Any suggestions?

0 Karma

geoffmx
Explorer

Thanks niketnilay! It may take a while before I can get approvals to download and test out apps in my Splunk Cloud instance. So I have to ask... do any of these sort by ports? They seem to show node-to-node visualization. I'd like to see what traffic is going out to destination port 22, 25, 53, 80, and so on.

0 Karma

niketnilay
Legend

I have not used Afterglow myself, but for the other two I can list the query output expectations.

Network Topology - Custom Visualization expects 5 columns, which could be:

<YourBaseSearch>
| table sourceHost sourcePort targetHost targetPort linkType

Sankey Custom Visualization expects stats like count, avg(bytes) for each source and destination combination. It can have a circular dependency.

<YourBaseSearch>
| stats count, avg(bytes) by source destination

If you have source and destination latitude and longitude, you can use Missile Map Visualization: https://splunkbase.splunk.com/app/3511/

So you can choose based on what data you can get from your logged events.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
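For the original question (a line graph of outgoing traffic over time, split by destination port), here is a search added as an example; it is not from the thread or from any of the apps above. It assumes the firewall events carry dest_ip, dest_port and bytes_out fields, that the index/sourcetype placeholders are replaced, and that 10.0.0.0/8 is the internal address range being excluded.

```spl
index=<your_firewall_index> sourcetype=<your_firewall_sourcetype> earliest=-15m action=allowed
| where NOT cidrmatch("10.0.0.0/8", dest_ip)
| eval port_group=case(dest_port==22, "ssh (22)",
                       dest_port==25, "smtp (25)",
                       dest_port==53, "dns (53)",
                       dest_port==80, "http (80)",
                       dest_port==443, "https (443)",
                       true(), "other")
| timechart span=1m sum(bytes_out) AS bytes_out BY port_group
```

Run this in Search, switch the Visualization tab to Line Chart, and each port group becomes its own series over the 15-minute window; replacing the timechart line with `| stats count, avg(bytes_out) by src_ip dest_ip` instead gives the two-column shape the Sankey visualization expects.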

niketnilay
Legend

@geoffmx, in order to test and confirm whether these apps are a good fit for your use case or not, you can try out these Apps on your local machine (maybe monitor your home network traffic). These Apps come with built-in examples as well.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

geoffmx
Explorer

Awesome! Thanks @niketnilay

0 Karma

niketnilay
Legend

@geoffmx, if you have tried the visualizations and have found any one working as per your use case, please remember to accept my original answer and upvote the comments that helped.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketnilay
Legend

Try one of the following custom visualizations:

Network Topology - Custom Visualization: https://splunkbase.splunk.com/app/3762/
Afterglow App - https://splunkbase.splunk.com/app/277/
Sankey Custom Visualization - https://splunkbase.splunk.com/app/3112/

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma