My proxy is capturing three fields, bytes, bytes_in and bytes_out, out of which I need to calculate total bandwidth utilization for one month. I have framed the below query:
index=Proxy site="XXX"|eval BW= ((bytes_in+bytes_out)/1024)/1024
where I am adding both inbound and outbound data and then converting it into megabytes, and after that the values are displaying as below:
Top 10 Values Count %
0.06401729583740234 710 1.86%
0.0640115737915039 533 1.396%
0.06404876708984375 493 1.292%
0.06402873992919922 475 1.244%
0.06401443481445312 428 1.121%
0.38465213775634766 390 1.022%
0.06403446197509766 345 0.904%
But I need it to be displayed in numeric values only, and it should be in MBs or GBs, and it should also give me the overall bandwidth for one month.
I understood that you are trying to get total bandwidth utilization for 1 month.
Query
index=Proxy site="XXX"
| eval IO_bytes= (bytes_in+bytes_out)/1024
| eval Bytes=(bytes/1024)
| eval Total_bytes= if(IO_bytes=Bytes, Bytes,Total_bytes)
| table Bytes Total_bytes
You may want to use stats instead of Top as it does other logic. I did something a little different:
search
| eval MB=(BYTES/1024)/1024
| eval GB=(MB/1024)
| stats sum(GB) by host
Hi Jodyfsu,
Thank you for the search query simplification. Since I have 3 fields, bytes, bytes_in and bytes_out, but in the above search it is only bytes/1024, does it mean bytes will capture the total data of both incoming and outgoing? Secondly, for the final one, stats sum(GB), I don't want it to group by either user or host; I just wanted to get the total bandwidth, so doing stats sum(GB) will give the overall bandwidth, I think. Kindly correct me if I am wrong on anything explained above.
Hey Vellas78, in my logs I only have the bytes so you may need to do the addition for your data.
| eval MB=((bytes_in+bytes_out)/1024)/1024
| stats sum(MB)
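The thread's suggestions combined into one search, as an added example that is not from any of the posters: it sums bytes_in and bytes_out over the previous calendar month first and converts once at the end, so the output is a single rounded figure in MB and GB rather than a per-event value. It assumes both fields hold numeric byte counts; total_bytes, total_MB and total_GB are names chosen here, and the earliest/latest window is one way of reading "one month".

```spl
index=Proxy site="XXX" earliest=-1mon@mon latest=@mon
| eval total_bytes = coalesce(bytes_in, 0) + coalesce(bytes_out, 0)
| stats sum(total_bytes) AS total_bytes
| eval total_MB = round(total_bytes / 1024 / 1024, 2)
| eval total_GB = round(total_bytes / 1024 / 1024 / 1024, 2)
| table total_MB total_GB
```

The coalesce calls count a missing bytes_in or bytes_out as 0, so an event with only one direction logged still contributes to the total instead of being dropped from the sum.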