Solved: Network logs - Join bytes base on unique ip over t...

totaro · ‎04-04-2019

Hi,

Im trying to generate a table that consolidate the bytes base on unique IP in a day with netflow logs.
In short, im trying to generate a report for the bandwidth used by each of the unique ip
Any help will be appreciated!
e.g.
Date UniqueIP Bytes
1-1-2019 1.2.3.4 500
1-1-2019 2.3.4.5 600
1-1-2019 3.4.5.6 700
Date UniqueIP Bytes
2-1-2019 11.2.3.4 500
2-1-2019 21.3.4.5 600
2-1-2019 31.4.5.6 700

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

View solution in original post

vnravikumar · ‎04-04-2019

Hi

Give a try

your query..| eval Date=strftime(_time,"%d-%m-%Y") 
| stats sum(Bytes) as Bytes by Date,UniqueIP

totaro · ‎04-04-2019

thanks! it work

Network logs - Join bytes base on unique ip over time

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation