In Cisco firewall data, how do I check for "top talkers" by event type from a specific host?

New Member

Hi,
I can see that there is a firewall that has started to send a huge amount of traffic.
How can I see which event type (Cisco_ASA_message_id) is being used as top talker?
How can I see which src_ip is the top talker as well?

0 Karma

Builder

index=your_index sourcetype=cisco:asa | top eventtype

index=your_index sourcetype=cisco:asa | top src_ip

New Member

Thanks for the information.
How can I see in MB/GB how much is being used?

0 Karma
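
An added example, not part of any post in this thread: one search that limits the results to a single firewall and ranks message ID and source IP pairs by event count and approximate log volume. `your_firewall` is a placeholder for the firewall's `host` value, and `len(_raw)` counts the characters in each event, so the MB column approximates the size of the logs received, not the traffic that passed through the firewall.

```spl
index=your_index sourcetype=cisco:asa host=your_firewall
| eval raw_bytes=len(_raw)
| fillnull value="none" src_ip
| stats count AS events, sum(raw_bytes) AS bytes BY Cisco_ASA_message_id, src_ip
| eval MB=round(bytes/1024/1024, 2)
| sort - bytes
| head 20
| fields Cisco_ASA_message_id, src_ip, events, MB
```

Dropping `src_ip` from the `BY` clause gives the ranking per message ID alone; dividing by 1024 once more gives GB.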