Solved: Re: Converting bytes to GB or MB

pmac22 · ‎05-16-2019

Hey all, I was getting confused by some of the splunk answers for converting and couldn't figure out the eval portion of my query. Can someone shed some light on how I can convert the bytes_out field from my palo logs to MB and GB? Query below, thank you in advance!

index=pan_logs sourcetype=pan:traffic
| stats sum(bytes_out) AS bytes_out by user src_ip dest_ip
| where bytes_out>35000000
| sort - bytes_out

ddrillic · ‎05-16-2019

In the spirit of - | eval GB=kb/1024/1024

View solution in original post

pmac22 · ‎05-16-2019

Thanks guys. Worked like a charm! Here's my updated search...

index=pan_logs sourcetype=pan:traffic
| stats sum(bytes_out) AS bytes_out by user src_ip dest_ip
| where bytes_out>35000000
| eval MB_out=round(bytes_out/1024/1024,2)
| sort - MB_out

ddrillic · ‎05-16-2019

In the spirit of - | eval GB=kb/1024/1024

dmarling · ‎05-16-2019

@ddrillic You may want to convert your comment to an answer as it was basically the answer he needed. I just added a comment to make it more specific to his use case.

If this comment/answer was helpful, please up vote it. Thank you.

ddrillic · ‎05-16-2019

Sure thing @dmarling ; -)

dmarling · ‎05-16-2019

@ddrillic has it correct. bytes_out/1024 will get you kilobytes divide that by 1024 to get megabytes and divide that by 1024 to get gigabytes: | eval GB_out=bytes_out/1024/1024/1024 to get megabytes: | eval MB_out=bytes_out/1024/1024

If this comment/answer was helpful, please up vote it. Thank you.

pmac22 · ‎05-16-2019

That worked out great! Thanks guys!

Converting bytes to GB or MB

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms