cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
LarrySplunking
Explorer
Member since: ‎07-28-2022
‎01-31-2023
Community Statistics
Posts 4
Solutions 1
Karma Given 8
Karma Received 0
Member Since ‎07-28-2022
Activity Feed
View All

Re: How to top sbimb and top sbomb for each src_ip...

by in Splunk Search
‎01-19-2023 12:08 PM
‎01-19-2023 12:08 PM
i get top 2 sbimb, I want top sbimb and sbomb per src_ip. It is working with stats.  thanks   ... View more

Re: How to top sbimb and top sbomb for each src_ip...

by in Splunk Search
‎01-19-2023 09:17 AM
‎01-19-2023 09:17 AM
did with stats max(field) by src_ip,dest and values for other fields ... View more

Re: How to top sbimb and top sbomb for each src_ip...

by in Splunk Search
‎01-19-2023 06:49 AM
‎01-19-2023 06:49 AM
I get when I add |top limit=2 sbimb sbomb dest by src_ip  - they are not the top, tried without dest but same if I sort by sbomb I see event I want, same with sbomb I see the sbomb event greatest for src_IP   I want out bound per IP with top inbound per IP with top   ... View more

How to top sbimb and top sbomb for each src_ip?

by in Splunk Search
‎01-18-2023 07:39 AM
‎01-18-2023 07:39 AM
I have a report index IN (proxy) src_ip=* |eventstats sum(sbimb) as Totalsbimb, sum(sbomb) as Totalsbomb by src_ip | search (sbimb > 300) OR (sbomb > 20) OR (Totalsbimb > 500) OR (Totalsbomb > 10) | sort -sbomb Tried top but can only get one or the other and I need to pass dest,totalsbomb and totalsbimb with the top event.  I keep finding ways to get one but not the other. I am tring to get a table with src_ip, dest, sbimb(for dest) sbomb (for dest) totalsbomb and totalsbimb for src_ip .  query takes too long to run twice with append.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-31-2023 08:37 AM
Karma given to