I would like to get the total bandwidth used by a particular subnet in my network

ikaneng
New Member

I would like to get the total bandwidth used by a particular subnet in my network. Please help, I am new to Splunk.

0 Karma

prakash007
Builder

We might need more details, like what your field=values look like and what sample search you started with.

0 Karma

ikaneng
New Member

Hi prakash007, can you suggest a basic search that I can try out? I'm totally new to this.

0 Karma

prakash007
Builder

@ikaneng: what does your raw data look like? We need more details to come up with a search...
If it's IPv4 you can have this in your base search; you might have to use cidrmatch for IPv6...

e.g: index=index_name sourcetype=stype subnet_ip=10.0.0.1/24 | stats count, max(connsbyHost) as max_bandwidth, min(connsbyHost) as min_bandwidth, avg(connsbyHost) as avg_bandwidth BY Interface

Go through these Splunk docs for reference:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Aggregatefunctions#max.28X.29
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/ConditionalFunctions#cidrmatch.28....

0 Karma
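
An added example, not part of the thread above: one way to total the traffic for a subnet, using `cidrmatch` to keep events whose source or destination falls inside it and `stats sum` to add up the byte counts. The field names `src_ip`, `dest_ip` and `bytes`, the 24-hour window and the subnet `10.0.0.0/24` are assumptions; `index_name` and `stype` are the placeholders from the answer. Substitute whatever your data actually contains.

```spl
index=index_name sourcetype=stype earliest=-24h@h latest=@h
| where cidrmatch("10.0.0.0/24", src_ip) OR cidrmatch("10.0.0.0/24", dest_ip)
| eval direction=case(
    cidrmatch("10.0.0.0/24", src_ip) AND cidrmatch("10.0.0.0/24", dest_ip), "internal",
    cidrmatch("10.0.0.0/24", src_ip), "outbound",
    true(), "inbound")
| stats sum(bytes) AS total_bytes BY direction
| addinfo
| eval total_MB=round(total_bytes/1024/1024, 2),
       avg_Mbps=round(total_bytes*8/(info_max_time-info_min_time)/1000000, 3)
| fields direction total_bytes total_MB avg_Mbps
```

`addinfo` supplies the search window boundaries (`info_min_time`, `info_max_time`), so `avg_Mbps` is the average rate over the whole window; replace the `stats` line with `timechart span=5m sum(bytes)` to see usage over time instead.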