- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
khanlarloo
Explorer
12-31-2018
01:08 AM
i want to know the bandwidth usage per user in my firewall logs. Can you tell me how to search my firewall logs:
devname="fg" type="traffic" subtype="forward" level="notice" srcname="NP" dstport=161 dstintfrole="lan" proto=17 action="accept" user="user X" authserver="FSSO" policytype="policy" service="SNMP" dstcountry="Reserved" " duration=960 sentbyte=78270 rcvdbyte=120261 sentpkt=622 rcvdpkt=621 appcat="unscanned" sentdelta=6755 rcvddelta=10247osname="Windows 8.1 / 2012 "
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
12-31-2018
03:20 AM
@khanlarloo,
Try this and verify with your tests
index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
12-31-2018
03:20 AM
@khanlarloo,
Try this and verify with your tests
index="your index" source="your firewall source" | stats sum(rcvdbyte) as rcvd,sum(sentbyte) as sent by user
|eval bandwidth=rcvd + sent
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
khanlarloo
Explorer
12-31-2018
10:06 PM
thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
khanlarloo
Explorer
12-31-2018
05:42 AM
Thank you.
