how to show top talker information based on the CS...

tailesley · ‎08-23-2011

HI,

Im very new to Splunk, i still learning to get splunk work to provide a high level report to the management to review. I have the data extracted from a csv file below. I would like to show the top talkers based on the IP address given below by adding both the byte_sent and byte_receive. How can i do this?

22/08/2011 21:38:59,IP-64.236.16.139,2263,7
22/08/2011 21:38:59,IP-64.128.203.22,115748,86

2263 is the byte_sent while 7 is the byte_received.
115748 is the byte_sent while 86 is the byte_received.

mzorzi · ‎08-23-2011

There are few ways to do this:

You can extract and name the fields using a Interactive Field Extractor included into Splunk. Here you can find link to documentation page and video:
- http://docs.splunk.com/Documentation/Splunk/latest/User/InteractiveFieldExtractionExample
- http://www.splunk.com/view/SP-CAAADUY
You can use the Field Extractor App:
- http://splunk-base.splunk.com/apps/22291/field-extractor
You can extract your fields using configuration files, like described here:
- http://splunk-base.splunk.com/answers/13580/teach-splunk-42-to-identify-positions-in-a-csv-file

how to show top talker information based on the CSV file received from analyzer

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

how to show top talker information based on the CSV file received from analyzer

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I