Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Web datamodel contains negative values for bytes ingested from Umbrella proxylogs

nagamadhupriyan
Loves-to-Learn Lots
‎07-02-2020 05:03 AM

The Web datamodel contains negative values for bytes ingested from Umbrella proxylogs

below is the query that we are using for the search

| tstats `summariesonly` sum(Web.bytes_out) as size_out, sum(Web.bytes_in) as size_in, values(Web.http_method) as method
from datamodel=Web.Web by Web.user,Web.url, _time span=1d
| `drop_dm_object_name("Web")`

Labels (2)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-02-2020 05:13 AM

Hi @nagamadhupriyan ,

you should see how Datampdel is populated, maybe it uses a wrong field or a wrong field extraction.

Ciao.

Giuseppe

0 Karma
Reply

nagamadhupriyan
Loves-to-Learn Lots
‎07-02-2020 05:18 AM

Hi 

 

byte field :case(isnum(bytes),bytes,isnum(bytes_in) AND isnum(bytes_out),
bytes_in+bytes_out,1=1,null())   

 

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...