Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to calculate Total Bandwidth Usage using bytes,bytes_in and bytes_out

vellas78
New Member
‎05-15-2019 06:30 AM

my proxy is capturing three fields such as bytes,bytes_in and bytes_out out of which in need to calculate total bandwidth utilization for onemonth. I have framed the below query
index=Proxy site="XXX"|eval BW= ((bytes_in+bytes_out)/1024)/1024
where I am adding both indound and outbound data and then converting it into Megabytes and after that the values are displaying as below
Top 10 Values Count %

0.06401729583740234 710 1.86%

0.0640115737915039 533 1.396%

0.06404876708984375 493 1.292%

0.06402873992919922 475 1.244%

0.06401443481445312 428 1.121%

0.38465213775634766 390 1.022%

0.06403446197509766 345 0.904%
But I need it to be displayed in numeric values only and it should be MB's or GB's and it should also give me overall bandwidth for onemonth

Tags (2)
0 Karma
Reply

vikramyadav
Contributor
‎05-15-2019 08:55 AM

I understood that you are trying to get total bandwidth utilization for 1 month.
Query
index=Proxy site="XXX"
| eval IO_bytes= (bytes_in+bytes_out)/1024
| eval Bytes=(bytes/1024)
| eval Total_bytes= if(IO_bytes=Bytes, Bytes,Total_bytes)
| table Bytes Total_bytes

0 Karma
Reply

jodyfsu
Path Finder
‎05-15-2019 06:47 AM

You may want to use stats instead of Top as it does other logic. I did something a little different:

search
| eval MB=(BYTES/1024)
| eval GB=(MB/1024)
| stats sum(GB) by host

0 Karma
Reply

vellas78
New Member
‎05-15-2019 07:07 AM

Hi Jodyfsu,
Thank you for the search query simplification. since i have 3 fields such as bytes,bytes_in and bytes_out but in the above search it only bytes/1024, does it mean bytes will capture the total data of both incoming and outgoing? secondly the final one stats sum(GB) so i don't want it to group by either user or host i just wanted to get total Banwidth so doing stats sum(GB) will give the over all BandWidth i think. Kindly correct me if I am wrong on any of thing explained above.

0 Karma
Reply

jodyfsu
Path Finder
‎05-15-2019 07:29 AM

Hey Vellas78, in my logs I only have the bytes so you may need to do the addition for your data.

| eval MB=((bytes_in+bytes_out)/1024)
| stats sum(MB)

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...