Splunk noob here. I've been visiting this site for a while now, so I decided to create my own account so I can learn more about the product.
I'm trying to create a bandwidth utilization report for my web logs and I'm a bit confused about what search string I should be using to get accurate data. I have tried the following and got different results.
Example A:
base search | eval s_kilobytes=(sentbyte/1024) | eval s_megabytes=s_kilobytes/1024 | eval s_gigabytes=s_megabytes/1024 | eval r_kilobytes=(rcvdbyte/1024) | eval r_megabytes=r_kilobytes/1024 | eval r_gigabytes=r_megabytes/1024| timechart sum(r_gigabytes) as "RECEIVED" sum(s_gigabytes)
Example B:
base search | stats sum(eval(((sentbyte*8)/(1024*1024*1024*1024) + (rcvdbyte*8)/(1024*1024*1024*1024))))
Which one is the more accurate one, and what does the value 8 in the second example mean?
Abe