Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunking bandwidth from GTA firewalls

FiveRiversIT
Engager
‎03-16-2012 11:44 AM

Hello. I'm completely new to splunking and a novice with this firewall.

I'm pretty much trying to monitor bandwidth from a device in my network. I want a nice dashboard to show me this.

So the search that i am using is basically starts like

dstname=10.1.11.103 OR src=10.1.11.103

But not sure what goes next. I'm super clueless and i apologize for this thanks.

Here is a log entry, ip's ommited:

Mar 16 14:36:09 10.1.11.1 Mar 16 14:36:09 id=firewall time="2012-03-16 18:36:09" fw="00000000" pri=5 msg="Accept inbound, NAT tunnel" cat_action=pass dstname=10.1.11.103 proto=https/tcp src=10.1.11.102 srcport=4023 nat=208.x.x.134 natport=443 dnat=10.1.11.1 dnatport=4023 dst=10.1.11.103 dstport=443 rule=3 duration=134 sent=1531 rcvd=12945 pkts_sent=11 pkts_rcvd=14

Tags (2)
Reply

FiveRiversIT
Engager
‎03-16-2012 11:58 AM

I'm wondering if this syntax is correct:

dstname=10.1.11.103 OR src=10.1.11.103 | timechart sum(rcvd)

Reply

lguinn2
Legend
‎03-16-2012 02:39 PM

or even

dstname=10.1.11.103 OR src=10.1.11.103 |
eval tbytes= rcvd + sent |
timechart sum(tbytes)

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎03-16-2012 12:14 PM

yes, that is exactly right. you can also do: ... | timechart sum(rcvd), sum(sent).

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...