Splunk Search

How do I check which major destinations generate the most logs on a specific firewall host?

renangomes
New Member

How do I check which major destinations generate the most logs on a specific firewall host = 10.22.44.254? I would like to know the correct command to know the main destinations and also how to filter without them, to know how much license I would save if I don't receive them?

0 Karma

VatsalJagani
SplunkTrust

@renangomes - You can use the below search:

index=<firewall index> host="10.22.44.254"
| top 10 dest

 

You can see the percentage and see your current license usage by this host and see X percentage of that license usage you will save.

(You can check the license usage by this host on the Monitoring Console's Historic License Usage page.)

 

I hope this helps!!!

0 Karma
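
A variant of the search in the answer above, added here as an example and not part of the original post: `top` ranks destinations by event count, while license is metered on data volume, so this version ranks by the summed length of `_raw` per `dest` and shows the cumulative share that the top N destinations represent. It assumes `len(_raw)` (a character count) is an acceptable approximation of ingested bytes and keeps the answer's `<firewall index>` placeholder; the output field names and the `(no dest)` label are chosen here.

```spl
index=<firewall index> host="10.22.44.254"
| fillnull value="(no dest)" dest
| eval raw_len=len(_raw)
| stats count AS events, sum(raw_len) AS raw_chars BY dest
| eventstats sum(raw_chars) AS host_raw_chars
| sort 0 -raw_chars
| streamstats count AS rank, sum(raw_chars) AS cum_raw_chars
| eval approx_mb=round(raw_chars/1024/1024, 2)
| eval pct_of_host_volume=round(100*raw_chars/host_raw_chars, 2)
| eval pct_saved_if_top_n_dropped=round(100*cum_raw_chars/host_raw_chars, 2)
| where rank<=10
| table rank dest events approx_mb pct_of_host_volume pct_saved_if_top_n_dropped
```

Read `pct_saved_if_top_n_dropped` on row N as the share of this host's volume that would disappear if destinations ranked 1 to N were no longer received. Excluding them only at search time does not change license usage, because the license is counted when the data is indexed.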