Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to calculate Total Bandwidth Usage using byte...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to calculate Total Bandwidth Usage using bytes,bytes_in and bytes_out
vellas78
New Member
05-15-2019
06:30 AM
my proxy is capturing three fields such as bytes,bytes_in and bytes_out out of which in need to calculate total bandwidth utilization for onemonth. I have framed the below query
index=Proxy site="XXX"|eval BW= ((bytes_in+bytes_out)/1024)/1024
where I am adding both indound and outbound data and then converting it into Megabytes and after that the values are displaying as below
Top 10 Values Count %
0.06401729583740234 710 1.86%
0.0640115737915039 533 1.396%
0.06404876708984375 493 1.292%
0.06402873992919922 475 1.244%
0.06401443481445312 428 1.121%
0.38465213775634766 390 1.022%
0.06403446197509766 345 0.904%
But I need it to be displayed in numeric values only and it should be MB's or GB's and it should also give me overall bandwidth for onemonth
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vikramyadav
Contributor
05-15-2019
08:55 AM
I understood that you are trying to get total bandwidth utilization for 1 month.
Query
index=Proxy site="XXX"
| eval IO_bytes= (bytes_in+bytes_out)/1024
| eval Bytes=(bytes/1024)
| eval Total_bytes= if(IO_bytes=Bytes, Bytes,Total_bytes)
| table Bytes Total_bytes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jodyfsu
Path Finder
05-15-2019
06:47 AM
You may want to use stats instead of Top as it does other logic. I did something a little different:
search
| eval MB=(BYTES/1024)
| eval GB=(MB/1024)
| stats sum(GB) by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vellas78
New Member
05-15-2019
07:07 AM
Hi Jodyfsu,
Thank you for the search query simplification. since i have 3 fields such as bytes,bytes_in and bytes_out but in the above search it only bytes/1024, does it mean bytes will capture the total data of both incoming and outgoing? secondly the final one stats sum(GB) so i don't want it to group by either user or host i just wanted to get total Banwidth so doing stats sum(GB) will give the over all BandWidth i think. Kindly correct me if I am wrong on any of thing explained above.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jodyfsu
Path Finder
05-15-2019
07:29 AM
Hey Vellas78, in my logs I only have the bytes so you may need to do the addition for your data.
| eval MB=((bytes_in+bytes_out)/1024)
| stats sum(MB)
Get Updates on the Splunk Community!
Splunk App for Anomaly Detection End of Life Announcment
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
