Solved: How do I find the bandwidth usage per user in my f...

khanlarloo · ‎12-31-2018

i want to know the bandwidth usage per user in my firewall logs. Can you tell me how to search my firewall logs:

 devname="fg"  type="traffic" subtype="forward" level="notice"   srcname="NP"  dstport=161  dstintfrole="lan"  proto=17 action="accept" user="user X" authserver="FSSO" policytype="policy" service="SNMP" dstcountry="Reserved" " duration=960 sentbyte=78270 rcvdbyte=120261 sentpkt=622 rcvdpkt=621 appcat="unscanned" sentdelta=6755 rcvddelta=10247osname="Windows 8.1 / 2012 "

renjith_nair · ‎12-31-2018

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎12-31-2018

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent

---
What goes around comes around. If it helps, hit it with Karma 🙂

khanlarloo · ‎12-31-2018

thank you.

khanlarloo · ‎12-31-2018

Thank you.

How do I find the bandwidth usage per user in my firewall logs?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

How do I find the bandwidth usage per user in my firewall logs?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine