
Splunk instance to Splunk instance bandwidth utilization Report

ansif
Motivator

Is there a search query to check bandwidth utilized between two Splunk instances (e.g. Heavy forwarder to Heavy forwarder data being sent)?


nickhills
Ultra Champion

Splunk Stream will answer this for you at the wire level, but you will want to install it on the receiving side, because otherwise the traffic it generates will get included in your results too!

If you are just concerned about the volume of data being indexed you can obtain this from the metrics log, but it won't give you an accurate picture of actual bytes transmitted etc., especially because it does not take account of the compression and transmission overheads of TCP/SSL etc.

If my comment helps, please give it a thumbs up!


harsmarvania57
SplunkTrust

Will you please try this query?

    index=_internal host=<SOURCE HF FQDN> source="*metrics.log*" destIp=<DEST HF IP> component=Metrics group=tcpout_connections | timechart avg(tcp_KBps) AS avg_KBps
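Added example, not posted by anyone in this thread: an offline Python equivalent of the query above, reading raw metrics.log lines from the sending HF and averaging the reported throughput per hour for one destination. The sample lines are constructed, and the raw line layout and the `_tcp_KBps` key (seen as `tcp_KBps` at search time) are assumptions about metrics.log; the result is whatever metrics.log reports, not a wire-level measurement.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the assumed key=value layout of metrics.log
# tcpout_connections events (not taken from a real host).
SAMPLE_LINES = [
    "01-15-2018 10:00:01.000 +0000 INFO  Metrics - group=tcpout_connections, "
    "name=hf_out:10.0.0.20:9997:0, sourcePort=8089, destIp=10.0.0.20, "
    "destPort=9997, _tcp_Bps=204800.00, _tcp_KBps=200.00, _tcp_eps=12.00",
    "01-15-2018 10:00:31.000 +0000 INFO  Metrics - group=tcpout_connections, "
    "name=hf_out:10.0.0.20:9997:0, sourcePort=8089, destIp=10.0.0.20, "
    "destPort=9997, _tcp_Bps=102400.00, _tcp_KBps=100.00, _tcp_eps=6.00",
    "01-15-2018 11:00:01.000 +0000 INFO  Metrics - group=tcpout_connections, "
    "name=hf_out:10.0.0.20:9997:0, sourcePort=8089, destIp=10.0.0.20, "
    "destPort=9997, _tcp_Bps=51200.00, _tcp_KBps=50.00, _tcp_eps=3.00",
    # Different destination: must not be counted.
    "01-15-2018 10:00:01.000 +0000 INFO  Metrics - group=tcpout_connections, "
    "name=hf_out:10.0.0.30:9997:0, sourcePort=8090, destIp=10.0.0.30, "
    "destPort=9997, _tcp_Bps=1024.00, _tcp_KBps=1.00, _tcp_eps=1.00",
    # Different metrics group: must be skipped.
    "01-15-2018 10:00:01.000 +0000 INFO  Metrics - group=queue, "
    "name=parsingqueue, max_size_kb=6144, current_size_kb=0",
]

KV = re.compile(r"(\w+)=([^,\s]+)")

def parse_line(line):
    """Return (timestamp, fields) for a tcpout_connections event, else None."""
    if "group=tcpout_connections" not in line:
        return None
    # First 29 characters: 'MM-DD-YYYY HH:MM:SS.mmm +ZZZZ'
    ts = datetime.strptime(line[:29], "%m-%d-%Y %H:%M:%S.%f %z")
    return ts, dict(KV.findall(line))

def avg_kbps_by_hour(lines, dest_ip):
    """Average reported _tcp_KBps per hour for one destination IP."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, fields = parsed
        if fields.get("destIp") != dest_ip or "_tcp_KBps" not in fields:
            continue
        buckets[ts.strftime("%Y-%m-%d %H:00")].append(float(fields["_tcp_KBps"]))
    return {hour: sum(v) / len(v) for hour, v in sorted(buckets.items())}

if __name__ == "__main__":
    for hour, kbps in avg_kbps_by_hour(SAMPLE_LINES, "10.0.0.20").items():
        print(hour, f"{kbps:.2f} KBps")
```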

nickhills
Ultra Champion

This will get you some of the way there - but the metrics file won't take account of DS/management traffic (not that it would be very much) but also I believe this reports the uncompressed & decoded data volume.
Not for example taking account of compression efficiency or normal TCP overheads like SSL.
It depends what @ansif is asking for - but if it's total 'bytes on the wire' I'm not sure how close the metrics log would get you.

If my comment helps, please give it a thumbs up!

harsmarvania57
SplunkTrust

Yes, it looks like metrics.log is giving compressed log information not the actual one.


ansif
Motivator

@harsmarvania57: I need to know the compression ratio. So can we confirm the search result gives us compressed data usage over the network before it gets uncompressed and indexed at the receiving end?

ansif
Motivator

So I need to install this app on the receiving side Heavy forwarder to get the amount of data transmitted over the network, right?


nickhills
Ultra Champion

Your question said "Heavy forwarder to Heavy forwarder" - so I would install it on the receiving HF.

The problem with putting it on the sending HF, is that the sending HF can essentially generate 'logs of logs'
(Not a big deal, unless you are trying to measure the volume sent as you are)

If my comment helps, please give it a thumbs up!

ansif
Motivator

@nickhillscpl: If I am sending compressed data (compress = true) from HF to HF, using this app I am able to get the compressed data being sent over the network per day. Am I right?

Actually I have a similar question unanswered

https://answers.splunk.com/answers/593582/search-query-to-get-amount-of-compressed-data-hitt.html

Is this answer applicable to the above question too?


nickhills
Ultra Champion

Stream will tell you the actual volume of data 'on the wire'.
That is to say the total number of bytes sent between hosts, so yes, this will be the compressed data volume + overheads.

I'll drop a note on your other issue.

If my comment helps, please give it a thumbs up!