Dashboards & Visualizations

how to create a bandwidth monitor

ikaneng
New Member

hi there

i am new on splunk, our NOC team wants to monitor the bandwidth (incoming and outgoing) on the 2 routers that connect to the Service provider, we want to make the search to be saved as dashboard and refresh every 15 minutes. kindly help with the search query that i can use on the search and reporting app

ov 8 08:55:01 0.0.0.0 name_of_device: 1171348: Nov 8 09:16:12.046 CAT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/40, vlan 110.([0000.0000.0000/0.0.0.0/0000.0000.0000/0.0.0.0/09:16:11 CAT Fri Nov 8 2019])
Nov 8 08:54:51 0.0.0.0 2019 Nov 8 08:54:12.001 CAT: %L2FM-4-L2FM_MAC_MOVE: Mac 0000.0000.0000 in vlan 1000 has moved from Po12 to Po300
Nov 8 08:54:36 name_of_device acllogs: Info: 1573196075.332 0 0.0.0.0 TCP_DENIED/407 0 POST http://name_of_device/SMS_FSP/.sms_fsp - NONE/- - OTHER-NONE-Fcon-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> -

thanks in advance

0 Karma

arjunpkishore5
Motivator

Is this data already in your Splunk instance? if yes, please post a sample of your data

OR

Are you yet to onboard this data to your Splunk instance? If yes, you need to first ingest these logs. For help on this, we need more clarity on what format these logs are in

0 Karma

ikaneng
New Member

i posted the data on the splunk, i cannot post everything, i changed the IPs to 0.0.0.0 and MAC address

0 Karma

ikaneng
New Member

thank you for getting back to me, the data is in splunk and it is also coming in real time, can you guide me on to post the sample of the data

0 Karma

arjunpkishore5
Motivator

Hi @ikaneng

Here's how
1. Click on edit your question
2. Post sample evens from your index which resemble your original data, mask any proprietary/organizational information
3. Highlight your sample data and press the Code Sample button (The button with 1s and 0s)
4. Save your question

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...