...he values.
I created a query in the calculated fields that should translate all the values in the Action field to the strings allowed and blocked as supposed to be in the NetworkTraffic Data Model....
Hello,
I have to find out the network traffic used by source IPs.
I've got a field which contains the size of a single packet, but how can I find out the whole size of the used traffic?
T...
I have a lookup table of IP ranges with location names. I'm trying to search networktraffic and add a "location" field to the result based on what IP range the src_ip falls under. I do not have a...
...ule in Settings->Data Model->NetworkTraffic with Eval Expression if(isnull(rule) OR rule="unknown" OR rule="","unknown_test",rule_id) I don't see any changes:
communicate | table _time,host,s...
...can select the pre-defined sourcetypes I created.
For the EZproxy logs, I uploaded files into a test index and then extracted fields. Do I now take those regexes and plug them into the t...
I'd like to implement some basic searches for network infrastructure monitoring without getting caught up in the differences between sourcetypes and field names.
Are there any basic searches t...
Hello,
collectd is the mechanism to obtain information about network traffic (octets per second).
The search to create a visualization of the data in a dashboard is below.
| m...
I'm reviewing the logs to make sure the fields match the Splunk Enterprise Security CIM and datamodels. The query shows me this percentage, understanding that they are the fields that are required v...
...ata model for different zones, or should I combine all in a single data model. For example, I have 3 different independent network zones, DMZ, Zone A and Zone B. Each of those zones will have m...
I have a search that evals out a calculation from other fields to a "Duration" field for netflow data. Is there a way to populate duration in the networktraffic datamodel with the results of t...