Hello Splunk Community,

I'm calculating the port Utilization with this search:

sourcetype=snmp host="xyz" InterfaceId=123456789 inOctets=* OR inMulticast=* OR inUcast=* OR inBroadcast=* OR InterfaceSpeed=*  
|sort _time 
|delta inBroadcast as deltaBroadcast 
|delta inOctets as deltaOctets 
|delta inMulticast as deltaMulticast 
|delta inUcast as deltaUnicast 
|delta _time as period |transaction _time 
|eval deltaPackets = deltaUnicast+deltaBroadcast+deltaMulticast 
|eval fl = deltaPackets*11 + (deltaOctets*8) 
|eval sl = 30*InterfaceSpeed*10000 
|eval Utilization = fl/sl 
|table InterfaceId del* InterfaceSpeed _time Utilization

Which works for one specific port. My problem is, that I'm not able to calculate the values for all ports of a host. Do you have any ideas?

Greets