Solved: How to convert bytes to gb in dashboard?

nedwards94 · ‎07-19-2018

Created two panels with single value vizualisation on a dashboard displaying all traffic bytes inbound and outbound. Trying to convert the value to GB therefore need to divide it. Managed to get a search string that works on just a search, but doesn't display within the dashboard.

index="siem" sourcetype=proxy 
| stats sum(bytes_out) | eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

renjith_nair · ‎07-19-2018

@nedwards94,

sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.

Try this

index="siem" sourcetype=proxy 
| stats sum(bytes_out)  as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

hunderliggur · ‎04-12-2019

KB = bytes/1024
MB = bytes/(1024*1024) = bytes/1,048,576
GB = bytes/(1024*1024*1024) = bytes/1,073,741,824

There is a ~7% difference in volume using the binary values versus the straight decimal value (decimal rate will appear "higher")

nedwards94 · ‎07-19-2018

Ah, how annoying just a tiny addition. Thank you so much!

renjith_nair · ‎07-19-2018

@nedwards94,

sum(bytes_out) gives the field as sum(bytes_out) itself. You need to alias it to bytes_out.

Try this

index="siem" sourcetype=proxy 
| stats sum(bytes_out)  as bytes_out| eval GB_bytes=(bytes_out/1000000000) | stats count by GB_bytes

---
What goes around comes around. If it helps, hit it with Karma 🙂

How to convert bytes to gb in dashboard?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services