Splunk Search

In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

New Member

Hi,
I can see that there is a firewall that has started to send a huge amount of traffic.
How can I see which event type (Cisco_ASA_message_id) is being used as top talker?
How can I see which src_ip is the top talker as well?

0 Karma

Re: In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

Builder

index=your_index sourcetype=cisco:asa | top eventtype

index=your_index sourcetype=cisco:asa | top src_ip


Re: In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

New Member

Thanks for the information.
How can I see in MB/GB how much is being used?

0 Karma
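One way to put a size on the searches above, as an added example that is not part of any post in this thread: it reads "how much is being used" as the volume of log data the firewall sends to Splunk, approximated by the character length of each raw event. `FIREWALL_HOST` is a placeholder for the noisy firewall's `host` value, and `your_index` is the same placeholder used in the reply above.

```spl
index=your_index sourcetype=cisco:asa host="FIREWALL_HOST"
| eval raw_bytes=len(_raw)
| stats count AS events, sum(raw_bytes) AS raw_bytes BY Cisco_ASA_message_id, src_ip
| eventstats sum(raw_bytes) AS total_bytes
| eval MB=round(raw_bytes/1024/1024, 2), pct_of_host=round(100*raw_bytes/total_bytes, 1)
| sort 20 - raw_bytes
| fields Cisco_ASA_message_id, src_ip, events, MB, pct_of_host
```

The result lists the 20 message ID and source IP pairs that account for the most log volume from that host, with each pair's share of the host's total in the selected time range.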