Security

How do I find the bandwidth usage per user in my firewall logs?

khanlarloo
Explorer

i want to know the bandwidth usage per user in my firewall logs. Can you tell me how to search my firewall logs:

 devname="fg"  type="traffic" subtype="forward" level="notice"   srcname="NP"  dstport=161  dstintfrole="lan"  proto=17 action="accept" user="user X" authserver="FSSO" policytype="policy" service="SNMP" dstcountry="Reserved" " duration=960 sentbyte=78270 rcvdbyte=120261 sentpkt=622 rcvdpkt=621 appcat="unscanned" sentdelta=6755 rcvddelta=10247osname="Windows 8.1 / 2012 " 
0 Karma
1 Solution

renjith_nair
Legend

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma

renjith_nair
Legend

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma

khanlarloo
Explorer

thank you.

0 Karma

khanlarloo
Explorer

Thank you.

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...