I can see that there is a firewall that has started to send a huge amount of traffic.
How can I see which event type (Cisco_ASA_message_id) is being used as top talker?
How can I see which src_ip is the top talker as well?
index=your_index sourcetype=cisco:asa | top eventtype
index=your_index sourcetype=cisco:asa | top src_ip
Thanks for the information.
How can I see in MB/GB how much is being used?
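One way to get the volume in MB/GB, as an added example that is not part of the original thread: it extends the two `top` searches above by summing the raw event size per `src_ip` and ASA message ID. Assumptions: `asa_msg_id` is a hypothetical field name extracted here from the `%ASA-<severity>-<id>` prefix of the raw event, and `len(_raw)` is used as an approximation of the bytes each event contributes.

```spl
index=your_index sourcetype=cisco:asa
| rex field=_raw "%ASA-\d-(?<asa_msg_id>\d{6})"
| eval raw_bytes=len(_raw)
| fillnull value="(none)" src_ip asa_msg_id
| stats count AS events, sum(raw_bytes) AS raw_bytes BY src_ip, asa_msg_id
| eval MB=round(raw_bytes/1024/1024, 2), GB=round(raw_bytes/1024/1024/1024, 3)
| sort 20 - raw_bytes
| fields src_ip, asa_msg_id, events, MB, GB
```

The `fillnull` step keeps events that have no `src_ip` or no matching message ID in the totals instead of letting `stats ... BY` drop them.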