cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rkd
Loves-to-Learn Everything
Member since: ‎10-12-2020
‎10-13-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-12-2020
Activity Feed
Topics I've Started
View All

Transaction using datamodel

by in Splunk Search
‎10-13-2020 04:00 AM
‎10-13-2020 04:00 AM
Hello, I am trying to calculate the browse time and bandwith usage of users by looking at the log files of the firewall. As far as i can understand the best way to this is to use transaction command.  However, to make the transaction command more efficient, i tried to use it with tstats (which may be completely wrong). my assumption is that if there is more than one log for a source IP to a destination IP for the same time value, it is for the same session.  Here is my query: | tstats sum(datamodel.mbyte) as mbyte from datamodel=datamodel by _time source destination | transaction source destination maxpause=1m My questions are: is there a more efficient way to calculate these values? Max duration value for my query is always equals to maxpause value. Shouldn't be values greater than maxpause.  Thanks in advance ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-13-2020 11:01 AM