Splunk Search

How to calculate HTTP throughput in GB and average HTTP throughput in KBits/Sec?

kp5116
New Member

How do you calculate HTTP Throughput in GB and Average HTTP Throughput in KBits/Sec?

0 Karma

adonio
Ultra Champion

Very general question here...
Let's assume you have the field throughput_kb and it has numerical values in it.
If you want to calculate GB, you will divide by 1024/1024 like this:
| eval throughput_gb = throughput_kb/1024/1024
You can avg using stats or eventstats or other options like chart and timechart, for example:
Try to run this search anywhere to create fake data, and use some functions to match your needs:

| gentimes start=-1 increment=20s
| eval _time = starttime 
| eval throughput_kb = 1000000 + random()%1000000
| eval throughput_gb = throughput_kb/1024/1024
| fields _time throughput*

The above will create fake data with time and random values for throughput_kb.
Now try something like this:

| bin _time span=1m
| stats avg(throughput_kb) as avg_kb avg(throughput_gb) as avg_gb by _time

to get the average per minute,
and add this:
| eval avg_kb_per_sec = round(avg_kb / 60, 3)
to get the average per second.

Hope it helps.

0 Karma

jnudell_2
Builder

Can you add more details? What do the data events look like? What fields are being extracted?

0 Karma

kp5116
New Member

We are sending application load balancer access logs to Splunk; those are HTTPS requests. I want to calculate the throughput of those requests in GB and kbps for 12 hours.

https 2019-06-21T06:33:39.959419Z app/awseb-AWSEB-1JTW8WORB68BR/40c70a85fc395740 10.194.7.56:63076 10.194.8.31:443 0.000 0.080 0.000 200 200 582 6403 "GET https://sifoprod.v3locity.com:443/api/pagecomponent/validGrids HTTP/1.1" "Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:734006704080:targetgroup/awseb-https-Q1QV9SXV1CT0/67aabd91e38ca297 "Root=1-5d0c7a43-210208c1db4fb6e6466bd35a" "sifoprod.v3locity.com" "arn:aws:acm:us-east-1:734006704080:certificate/594d00d3-5b18-432d-ac17-01c1d7035c60" 0 2019-06-21T06:33:39.879000Z "forward" "-" "-"

https 2019-06-21T06:33:39.925751Z app/awseb-AWSEB-1JTW8WORB68BR/40c70a85fc395740 10.194.7.56:63077 10.194.8.31:443 0.000 0.047 0.000 200 200 882 42860 "POST https://sifoprod.v3locity.com:443/api2/entitylabelservice HTTP/1.1" "Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:734006704080:targetgroup/awseb-https-Q1QV9SXV1CT0/67aabd91e38ca297 "Root=1-5d0c7a43-c36c2339f70f2d93f1c3ac93" "sifoprod.v3locity.com" "session-reused" 0 2019-06-21T06:33:39.876000Z "forward" "-" "-"

0 Karma

jnudell_2
Builder

You have not identified the fields that are being extracted. Which values in the samples above provide you with the throughput information?

0 Karma

Sukisen1981
Champion

Can you share some sample events?

0 Karma
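
An added example, not part of any post in this thread: in the AWS ALB access log format, the two integers just before the quoted request line are received_bytes and sent_bytes (582 and 6403 in the first sample above), so one way to get the totals is to extract them with rex and sum them. The two events below are constructed from the byte counts in the thread's samples; the field names, the fixed 12-hour window and the choice of 1 kbit = 1000 bits are assumptions.

```spl
| makeresults count=2
| streamstats count AS n
| eval sample_origin="constructed for this example"
| eval _raw=case(
    n=1, "https 2019-06-21T06:33:39.959419Z app/example-alb/0123456789abcdef 10.0.0.10:63076 10.0.0.20:443 0.000 0.080 0.000 200 200 582 6403 \"GET https://app.example.com:443/api/a HTTP/1.1\"",
    n=2, "https 2019-06-21T06:33:39.925751Z app/example-alb/0123456789abcdef 10.0.0.10:63077 10.0.0.20:443 0.000 0.047 0.000 200 200 882 42860 \"POST https://app.example.com:443/api/b HTTP/1.1\"")
| rex field=_raw "^(?<alb_type>\S+) (?<alb_time>\S+) \S+ \S+ \S+ \S+ \S+ \S+ \S+ \S+ (?<received_bytes>\d+) (?<sent_bytes>\d+) "
| eval total_bytes = tonumber(received_bytes) + tonumber(sent_bytes)
| stats count AS requests sum(received_bytes) AS bytes_in sum(sent_bytes) AS bytes_out sum(total_bytes) AS bytes_total
| eval window_sec = 12 * 3600
| eval throughput_gb = round(bytes_total / 1024 / 1024 / 1024, 6)
| eval avg_kbits_per_sec = round(bytes_total * 8 / 1000 / window_sec, 3)
| table requests bytes_in bytes_out bytes_total throughput_gb avg_kbits_per_sec
```

On real data, replace the first four commands with your own base search over the ALB events with earliest=-12h, and keep everything from rex onward.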