Solved: How do I find the bandwidth usage per user in my f...

khanlarloo · ‎12-31-2018

i want to know the bandwidth usage per user in my firewall logs. Can you tell me how to search my firewall logs:

 devname="fg"  type="traffic" subtype="forward" level="notice"   srcname="NP"  dstport=161  dstintfrole="lan"  proto=17 action="accept" user="user X" authserver="FSSO" policytype="policy" service="SNMP" dstcountry="Reserved" " duration=960 sentbyte=78270 rcvdbyte=120261 sentpkt=622 rcvdpkt=621 appcat="unscanned" sentdelta=6755 rcvddelta=10247osname="Windows 8.1 / 2012 "

renjith_nair · ‎12-31-2018

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎12-31-2018

@khanlarloo,
Try this and verify with your tests

index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent

---
What goes around comes around. If it helps, hit it with Karma 🙂

khanlarloo · ‎12-31-2018

thank you.

khanlarloo · ‎12-31-2018

Thank you.

How do I find the bandwidth usage per user in my firewall logs?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?