Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Enterprise
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Bandwidth utilization for all the interface from o...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bandwidth utilization for all the interface from one event
gowri
New Member
09-02-2015
02:07 PM
This is my sample:
IF-MIB::ifInOctets."1" = "0" IF-MIB::ifOutOctets."1" = "0" IF-MIB::ifSpeed."1" = "1544000" IF-MIB::ifInOctets."2" = "1187372505" IF-MIB::ifOutOctets."2" = "2986764562" IF-MIB::ifSpeed."2" = "100000000" IF-MIB::ifInOctets."3" = "1943133249" IF-MIB::ifOutOctets."3" = "1502732268" IF-MIB::ifSpeed."3" = "100000000" IF-MIB::ifInOctets."4" = "0" IF-MIB::ifOutOctets."4" = "0" IF-MIB::ifSpeed."4" = "56000" IF-MIB::ifInOctets."5" = "0" IF-MIB::ifOutOctets."5" = "0" IF-MIB::ifSpeed."5" = "4294967295" IF-MIB::ifInOctets."6" = "0" IF-MIB::ifOutOctets."6" = "5703" IF-MIB::ifSpeed."6" = "4294967295" IF-MIB::ifInOctets."7" = "0" IF-MIB::ifOutOctets."7" = "5703" IF-MIB::ifSpeed."7" = "4294967295" IF-MIB::ifInOctets."8" = "0" IF-MIB::ifOutOctets."8" = "5703" IF-MIB::ifSpeed."8" = "4294967295" IF-MIB::ifInUcastPkts."1" = "0" IF-MIB::ifOu
I am trying to caluculate the bandwidth utilization of all the interface. But i could get it for the interface 1 .
index="snmp-stats" host="172.16.1.1" |delta inbound_traffic as DIFFIN p=1 | delta outbound_traffic as DIFFOUT p=1 | eval BandIN=DIFFIN*800/100000000 | eval BandOUT=DIFFOUT*800/100000000 | table _time BandIN BandOUT | sort -_time | rename _time as Time | convert ctime(Time) | head 500
I am getting a table like this
BandIN BandOUT Interface
xxxxxxx yyyyyyyy 1
zzzzzz bnbbbbb 1
hhhhh nnnnnnn 1
I want something like this
BandIN BandOUT Interface
xxxxxxx yyyyyyyy 1
zzzzzz bnbbbbb 2
hhhhh nnnnnnn 3
2323 ggggg 4
Can anyone please help me solve this issue. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
09-03-2015
08:08 AM
Assuming that your sample data is NOT all 1 event, and the traffic fields are accumulators, try this:
index="snmp-stats" host="172.16.1.1" | stats earliest(inbound_traffic) AS earliestIn latest(inbound_traffic) AS latestIn earliest(outbound_traffic) AS earliestOut latest(outbound_traffic) AS latestOut BY host Interface| eval BandIN=(latestIn - earliestIn)*8/(1024*1024) | eval BandOUT=(latestOut - earliestOut)*8/(1024*1024) | table host Interface BandIN BandOUT
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gowri
New Member
09-03-2015
08:37 AM
Hi , Thanks for the reply. .My event is all one event.Will this work for one event.
Get Updates on the Splunk Community!
Enterprise Security Content Update (ESCU) | New Releases
In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust ...
Index This | What are the 12 Days of Splunk-mas?
December 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
