Solved: Network logs - Join bytes base on unique ip over t...

totaro · ‎04-04-2019

Hi,

Im trying to generate a table that consolidate the bytes base on unique IP in a day with netflow logs.
In short, im trying to generate a report for the bandwidth used by each of the unique ip
Any help will be appreciated!
e.g.
Date UniqueIP Bytes
1-1-2019 1.2.3.4 500
1-1-2019 2.3.4.5 600
1-1-2019 3.4.5.6 700
Date UniqueIP Bytes
2-1-2019 11.2.3.4 500
2-1-2019 21.3.4.5 600
2-1-2019 31.4.5.6 700

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

View solution in original post

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

totaro · ‎04-04-2019

thanks! it work

Network logs - Join bytes base on unique ip over time

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation