Thanks Giuseppe 😉 ... View more

I figured out that it doesn't work with 3 of the 1024 in your coding (1024,1024,1024). What I think it's doing is using the Sentbyte or Rcvdbyte as 1024 so you only need another 2 of the 1024 in your coding to divide it to get to GB. I'm not sure if I made sense... but it works. ... View more

Okay... I fiddled with the coding and I think I have it!!! This actually gives me GB's index= * | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd | eval TotalSent=round((TotalSent)/1024/1024,2) | eval TotalRcvd=round((TotalRcvd)/1024/1024,2) | eval TotalGB=round((TotalSent+TotalRcvd),2) | table TotalSent TotalRcvd TotalGB ... View more

Thanks for your help Guiseppe but the only coding that worked for me is below. I'm pretty sure it's showing me GB. I tried your coding but it's still not showing me the GB amounts. I've changed it to NOT show by app now and just give me an overall amount. if I use 1024/1024/1024 it doesn't work. Do you think this coding would show me GB or Bytes? index=* | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd | eval TotalSent=round((TotalSent)/1024,2) | eval TotalRcvd=round((TotalRcvd)/1024,2) | addtotals ... View more

Thanks somesoni2 but this coding is not working for me. Still doesn't display the GB. I have played around with some coding and I find this gives me a result but not sure how accurate it is. Sorry new to Splunk and coding so not sure if this is showing a result of MB converting to GB? Is it correct? index=* | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd by app | eval TotalGB=round((TotalSent+TotalRcvd)/1024,2) | addtotals | dedup app | sort -Total | head 30 ... View more

I'm not sure why it's not working. I played around with it and came up with this but unsure if it's giving me the correct information. It is converting MB to GB right? Sorry... new to splunk and coding. index=* | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd by app | eval TotalGB=round((TotalSent+TotalRcvd)/1024,2) | addtotals | dedup app | sort -Total | head 30 ... View more

Hi Giuseppe, Thanks for the coding and I have tried it but again it doesn't give me the GB's. This is just an example of the result and I only included first App, It appears in MB (I think) and I get no totals in the 'TotalGB' column. Can you please help? P.s. Can't line up the APP row to go under the headings. There was no GB's in that column. app TotalSent TotalRcvd TotalGB Total 1 HTTP 1348273 830314 2178587 index= * | eval TotalMB=round((TotalSent+TotalRcvd)/1024/1024,2) | eval TotalGB=round(TotalMB/1024,2) | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd values(TotalGB) AS TotalGB by app | addtotals | sort -Total | head 30 ... View more

I found this coding but this does not appear to be working for me either. I wanted a search by app and total to GB index= * |stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd |eval TotalDownload=round((TotalRcvd)/1024/1024,2) |eval TotalUpload=round((TotalSent)/1024/1024,2) |eval TotalMB=round((TotalSent+TotalRcvd)/1024/1024,2) |eval TotalGB=round((TotalMB)/1024,2) |table TotalDownload TotalUpload TotalGB ... View more

I just ran your exact search with my index and it didn't work. ... View more

index= * | eval TotalMB=round((TotalSent+TotalRcvd)/1024/1024,2) | eval TotalGB=round(TotalMB/1024,2) | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd by app | addtotals | dedup app | sort limit=30 - total In the end, I had to use this coding and it seems to work. Sorry above 'eval' coding (in my original question) didn't work. ... View more

I had to change the coding above to show:- index=* | eval TotalMB=round((TotalSent+TotalRcvd)/1024/1024,2) | eval TotalGB=round(TotalMB/1024,2) | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd by app | addtotals | dedup app | sort limit=30 - total This is giving me some sent and received responses. Hopefully it's correct. I had to change the spacing for total as menitoned in the below answer. ... View more

Thank you. Played around with the total and the spacing and it works. I had to change the coding above to show:- index=* | eval TotalMB=round((TotalSent+TotalRcvd)/1024/1024,2) | eval TotalGB=round(TotalMB/1024,2) | stats sum(sentbyte) AS TotalSent, sum(rcvdbyte) AS TotalRcvd by app | addtotals | dedup app | sort limit=30 - total This is giving me some sent and received responses. Hopefully it's correct. ... View more