×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Hami-g
New Member
Member since: ‎11-10-2023
‎11-13-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-10-2023
Activity Feed
View All

Calculate any Server network throughput from Cisc...

by in Splunk Search
‎11-10-2023 05:48 PM
‎11-10-2023 05:48 PM
I can see logs from Cisco ASA firewall to Splunk and we are getting logs when a connection close. It have the total data send with bytes.    Nov 1 12:19:48 ASA-FW-01 : %ASA-6-302014: Teardown TCP connection 4043630532 for INSIDE-339:192.168.42.10/37308 to OUTSIDE-340:192.168.36.26/8080 duration 0:00:00 bytes 6398 TCP FINs from INSIDE-VLAN339   I am unable to see bytes as a valid field.  I tried to create Extract New Fields for this.    ^(?:[^:\n]*:){8}\d+\s+(?P<BYTES>\w+\s+)   But when I use in the search it fails.    index=asa_* src_ip = "192.168.42.10" | rex field=_raw DATA=0 "^(?:[^:\n]*:){8}\d+\s+(?P<BYTES>\w+\s+)"     OBJECTIVE :  Calculate Server throughput for flows using Cisco ASA logs.   So view the network throughput for the flows using splunk.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-13-2023 07:55 AM