hi there
I am new to Splunk. Our NOC team wants to monitor the bandwidth (incoming and outgoing) on the 2 routers that connect to the service provider; we want the search to be saved as a dashboard and refreshed every 15 minutes. Kindly help with the search query that I can use in the Search and Reporting app.
Nov 8 08:55:01 0.0.0.0 name_of_device: 1171348: Nov 8 09:16:12.046 CAT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/40, vlan 110.([0000.0000.0000/0.0.0.0/0000.0000.0000/0.0.0.0/09:16:11 CAT Fri Nov 8 2019])
Nov 8 08:54:51 0.0.0.0 2019 Nov 8 08:54:12.001 CAT: %L2FM-4-L2FM_MAC_MOVE: Mac 0000.0000.0000 in vlan 1000 has moved from Po12 to Po300
Nov 8 08:54:36 name_of_device acllogs: Info: 1573196075.332 0 0.0.0.0 TCP_DENIED/407 0 POST http://name_of_device/SMS_FSP/.sms_fsp - NONE/- - OTHER-NONE-Fcon-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> -
Thanks in advance.
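Added example (not from anyone in this thread): one way to build the requested 15-minute-refreshing bandwidth dashboard as Simple XML with the search embedded in it. It assumes the two edge routers' interface counters are already indexed, for instance by SNMP polling, with the 64-bit IF-MIB octet counters available as fields named ifHCInOctets and ifHCOutOctets and the interface name in ifDescr; the index, sourcetype, host names and interface name are placeholders to replace with your own. Note that the events posted above (DAI deny, MAC move, proxy TCP_DENIED) carry no byte counters, so they cannot drive a bandwidth panel by themselves.

```xml
<dashboard>
  <label>ISP Uplink Bandwidth (placeholder names, example dashboard)</label>
  <row>
    <panel>
      <title>Inbound / Outbound Mbps per router, 15-minute buckets</title>
      <chart>
        <search>
          <!-- index, sourcetype, hosts, interface and counter field names are assumptions -->
          <query>index=network sourcetype=snmp:interfaces host IN (edge-rtr-01, edge-rtr-02) ifDescr="GigabitEthernet0/0/0"
| sort 0 host ifDescr _time
| streamstats current=f last(ifHCInOctets) AS prev_in last(ifHCOutOctets) AS prev_out last(_time) AS prev_time by host ifDescr
| eval d_in = ifHCInOctets - prev_in, d_out = ifHCOutOctets - prev_out, d_t = _time - prev_time
| where isnotnull(prev_time) AND d_t > 0 AND d_in >= 0 AND d_out >= 0
| eval in_mbps = round(d_in * 8 / d_t / 1000000, 2), out_mbps = round(d_out * 8 / d_t / 1000000, 2)
| timechart span=15m max(in_mbps) AS "Inbound Mbps" max(out_mbps) AS "Outbound Mbps" by host</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <!-- re-run the search 15 minutes after the previous run finishes -->
          <refresh>15m</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.axisTitleY.text">Mbps</option>
        <option name="charting.legend.placement">bottom</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

The search turns raw octet counters into a rate: streamstats fetches the previous poll for the same host and interface, the two deltas are divided by the elapsed seconds and multiplied by 8 to get bits per second, and the where clause drops the first sample per interface and any negative delta caused by a counter reset. If your add-on already delivers per-interval rates instead of cumulative counters, drop the streamstats and eval lines and chart the rate fields directly. Paste the XML into Dashboards > Create New Dashboard > Edit Source in the Search and Reporting app.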
Is this data already in your Splunk instance? If yes, please post a sample of your data.
OR
Are you yet to onboard this data to your Splunk instance? If yes, you need to first ingest these logs. For help on this, we need more clarity on what format these logs are in
I posted the data on Splunk. I cannot post everything; I changed the IPs to 0.0.0.0 and the MAC addresses.
Thank you for getting back to me. The data is in Splunk and it is also coming in real time. Can you guide me on how to post a sample of the data?
Hi @ikaneng
Here's how:
1. Click on edit your question
2. Post sample events from your index that resemble your original data, masking any proprietary/organizational information
3. Highlight your sample data and press the Code Sample button (the button with 1s and 0s)
4. Save your question