I can see that there is a firewall that has started to send huge amount of traffic.
how can I see which event type (CiscoASAmessageid) is being used as top talker ?
how can I see which srcip is the top talker as well ?
index=your_index sourcetype=cisco:asa | top eventtype
index=yourindex sourcetype=cisco:asa | top srcip
thanks for the information.
how can I see in MB/GB how much is being used ?