Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- how to create a bandwidth monitor
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to create a bandwidth monitor
ikaneng
New Member
11-06-2019
12:02 AM
hi there
i am new on splunk, our NOC team wants to monitor the bandwidth (incoming and outgoing) on the 2 routers that connect to the Service provider, we want to make the search to be saved as dashboard and refresh every 15 minutes. kindly help with the search query that i can use on the search and reporting app
ov 8 08:55:01 0.0.0.0 name_of_device: 1171348: Nov 8 09:16:12.046 CAT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/40, vlan 110.([0000.0000.0000/0.0.0.0/0000.0000.0000/0.0.0.0/09:16:11 CAT Fri Nov 8 2019])
Nov 8 08:54:51 0.0.0.0 2019 Nov 8 08:54:12.001 CAT: %L2FM-4-L2FM_MAC_MOVE: Mac 0000.0000.0000 in vlan 1000 has moved from Po12 to Po300
Nov 8 08:54:36 name_of_device acllogs: Info: 1573196075.332 0 0.0.0.0 TCP_DENIED/407 0 POST http://name_of_device/SMS_FSP/.sms_fsp - NONE/- - OTHER-NONE-Fcon-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> -
thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
arjunpkishore5
Motivator
11-06-2019
04:23 AM
Is this data already in your Splunk instance? if yes, please post a sample of your data
OR
Are you yet to onboard this data to your Splunk instance? If yes, you need to first ingest these logs. For help on this, we need more clarity on what format these logs are in
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ikaneng
New Member
11-07-2019
11:09 PM
i posted the data on the splunk, i cannot post everything, i changed the IPs to 0.0.0.0 and MAC address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ikaneng
New Member
11-06-2019
04:29 AM
thank you for getting back to me, the data is in splunk and it is also coming in real time, can you guide me on to post the sample of the data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
arjunpkishore5
Motivator
11-06-2019
05:01 AM
Hi @ikaneng
Here's how
1. Click on edit your question
2. Post sample evens from your index which resemble your original data, mask any proprietary/organizational information
3. Highlight your sample data and press the Code Sample button (The button with 1s and 0s)
4. Save your question
Get Updates on the Splunk Community!
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0
Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
