Solved: Re: How to convert bytes to gb in dashboard?

nedwards94 · ‎07-19-2018

Created two panels with single value vizualisation on a dashboard displaying all traffic bytes inbound and outbound. Trying to convert the value to GB therefore need to divide it. Managed to get a search string that works on just a search, but doesn't display within the dashboard.

index="siem" sourcetype=proxy 
| stats sum(bytes_out) | eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

renjith_nair · ‎07-19-2018

@nedwards94,

sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.

Try this

index="siem" sourcetype=proxy 
| stats sum(bytes_out)  as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

Happy Splunking!

View solution in original post

hunderliggur · ‎04-12-2019

KB = bytes/1024
MB = bytes/(1024*1024) = bytes/1,048,576
GB = bytes/(1024*1024*1024) = bytes/1,073,741,824

There is a ~7% difference in volume using the binary values versus the straight decimal value (decimal rate will appear "higher")

nedwards94 · ‎07-19-2018

Ah, how annoying just a tiny addition. Thank you so much!

renjith_nair · ‎07-19-2018

@nedwards94,

sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.

Try this

index="siem" sourcetype=proxy 
| stats sum(bytes_out)  as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

Happy Splunking!

How to convert bytes to gb in dashboard?

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk