Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how convert byte to Mb

soheilamiri
Explorer
‎12-20-2020 03:57 AM

hello guys

i am new in splunk world, i want to create a report that show total inbound traffic in Mb. here is my search code : 

 

 

 

 

 

sourcetype=fgt_traffic dest=1.1.1.* NOT (src=1.1.1.* OR dest=skyroom.online) bytes_in>0 AND action ="allowed"

 

 

 

 

 

and here is my pivot visual with table entry.

splunk1.JPG 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

soheilamiri
Explorer
‎12-21-2020 02:43 AM

hi @scelikok thanks for your answer

i customize our code : 

sourcetype=fgt_traffic dest=0.0.0.0 NOT (src=0.0.0.0 OR dest=test.com) bytes_in>0 NOT action ="blocked" 
| stats  sum(bytes_in) as "Total Traffic Receive" by dstip
| eval "Total Traffic Receive"=round('Total Traffic Receive'/10240/1024,2)
| rename dstip as "DMZ Server"

 it's work perfect.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎12-20-2020 06:02 AM

@soheilamiri, changing timechart command to stats should work;

sourcetype=fgt_traffic dest=1.1.1.* NOT (src=1.1.1.* OR dest=skyroom.online) bytes_in>0 AND action ="allowed" 
| stats count(srcip) as From eval(round(sum(bytes_in)/1024/1024,2)) as "Total Traffic Receive" values(dstport) as Port by dstip | rename dstip as"DMZ Server"

 

If this resolves your issue, an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

soheilamiri
Explorer
‎12-20-2020 06:10 AM

hi @scelikok 

i get this error : 

Error in 'stats' command: The argument 'eval(round(sum(bytes_in)/1024/1024,2))' is invalid.
 
Tags (1)
0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎12-20-2020 12:59 PM

Sorry @soheilamiri, I wrote without testing, below should work

sourcetype=fgt_traffic dest=1.1.1.* NOT (src=1.1.1.* OR dest=skyroom.online) bytes_in>0 AND action ="allowed" 
| stats count(srcip) as From sum(bytes_in) as "Total Traffic Receive" values(dstport) as Port by dstip 
| eval "Total Traffic Receive"=round('Total Traffic Receive'/1024/1024,2)
| rename dstip as"DMZ Server"

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

soheilamiri
Explorer
‎12-21-2020 02:43 AM

hi @scelikok thanks for your answer

i customize our code : 

sourcetype=fgt_traffic dest=0.0.0.0 NOT (src=0.0.0.0 OR dest=test.com) bytes_in>0 NOT action ="blocked" 
| stats  sum(bytes_in) as "Total Traffic Receive" by dstip
| eval "Total Traffic Receive"=round('Total Traffic Receive'/10240/1024,2)
| rename dstip as "DMZ Server"

 it's work perfect.

0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎12-20-2020 04:20 AM

Hi @soheilamiri, please try below;

sourcetype=fgt_traffic dest=1.1.1.* NOT (src=1.1.1.* OR dest=skyroom.online) bytes_in>0 AND action ="allowed" 
| timechart count(srcip) as From eval(round(sum(bytes_in)/1024/1024,2)) as "Total Traffic Receive" values(dstport) as Port by dstip | rename dstip as"DMZ Server"
If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

soheilamiri
Explorer
‎12-20-2020 05:44 AM

Hi @scelikok 

thanks for reply. the output of suggested script is not what i aspect.

here is IMAGE  that show more details. the X axis should be dest and the Y axis should be Bytes_in in Mb.

how can i create this chart with my specific visual.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...