Solved: Network logs - Join bytes base on unique ip over t...

totaro · ‎04-04-2019

Hi,

Im trying to generate a table that consolidate the bytes base on unique IP in a day with netflow logs.
In short, im trying to generate a report for the bandwidth used by each of the unique ip
Any help will be appreciated!
e.g.
Date UniqueIP Bytes
1-1-2019 1.2.3.4 500
1-1-2019 2.3.4.5 600
1-1-2019 3.4.5.6 700
Date UniqueIP Bytes
2-1-2019 11.2.3.4 500
2-1-2019 21.3.4.5 600
2-1-2019 31.4.5.6 700

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

View solution in original post

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

totaro · ‎04-04-2019

thanks! it work

Network logs - Join bytes base on unique ip over time

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

Network logs - Join bytes base on unique ip over time

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...