Hi David, netflow data reports dest_port and src_port. In my sample screenshot these values are 0. However in my splunk server the netflow events has values. The netflow event screenshot shared by Keiran at the start of this post also has values for dest_port and src_port. The search query you shared did not work for sflow events. ... View more

Hi Keiran, If you see my sflow V5 screen shot the below fields can be found. src_ip (I have erased the IP details in the screenshot for security reasons) src_port dest_ip dest_port (I have erased the IP details in the screenshot for security reasons) ... View more

Hi David, Sflow and netflow are two seperate events with unique field names. For example bytes_in is not present in sflow event. In this case can you please explain how bitrate will be calculated based on your above search query ? ... View more

Hi Keiran & David, sflow does not have bytes_in field. In this case how can we calculate the bitrate? FYI - I have uploaded the sflow screenshot earlier for reference. ... View more

Hi David, For sflow: I could not find any Splunk documentation reference. Any thoughts on the below queries related to sflow ? What are the fields that has to be used for calculating bitrate in sflow? What is the formula for calculating bitrate from sflow V5 data ? For Netflow: What is the formula for calculating bitrate from Netflow V9 data ? ... View more

Yes David, For netflow traffic we can use bytes_in field that i am sure. Exact bitrate formula for netflow, i am not sure. For sflow i could not find any Splunk documentation reference. Any thoughts on the below queries related to sflow ? What are the fields that has to be used for calculating bitrate in sflow? What is the formula for calculating bitrate from sflow V5 data ? ... View more

Hi David, Thanks for the search query. Still i am confused related to bitrate calculation because avg(bytes_in) will not give bitrate for the time range selected. Below is the specific information i wanted to generate the report. sflow: What are the fields that has to be used for calculating bitrate in sflow? What is the formula for calculating bitrate from sflow V5 data ? Netflow field : bytes_in What is the formula for calculating bitrate from Netflow V9 data ? Thanks, AKG ... View more

Hi David, The new post is yet to be approved. Lets continue working in this thread. Basically i am looking for network monitoring report via Splunk similar to Manage Engine/Solarwinds/Ipswitch dashboards. In the report i wanted to calculate metrics such as bitrate (bps) and traffic volume (bytes transferred in MB/GB). The search query should calculate these metrics for both netflow and sflow data which has the relevant data in different field names. Sample ingested sflow V5 and netflow V9 data fields are attached. Can you please help in creating a standard network monitoring report that contains source_IP , dest_IP , Port , Bitrate (bps) , Bytes (MB/GB) etc.. for a given time range. Thanks, AKG ... View more

Hi David, The new post status is "This post is currently awaiting moderation. If you believe this to be in error, contact a system administrator." Not sure when it will get approved. ... View more

Hi David and Keiran, I have created a new post. Please follow the below link. https://answers.splunk.com/answers/747044/how-to-create-network-monitoring-report-for-netflo.html?minQuestionBodyLength=80 Subject : How to create network monitoring report for netflow and sflow data ? Thanks, AKG ... View more

Sure David ... View more

Hi David, Thanks for the search query. However bps is not captured directly. For example in sflow data there is no field such as bps. It has to be calculated manually. Same applies to netflow as well. I am looking for the search queries that calculates bitrate (bps) and traffic volume (bytes transferred in MB/GB). The search query should calculate these metrics for both netflow and sflow data which has the relevant data in different field names. Basically i am looking for network monitoring report via Splunk. Any help on this is highly appreciated. ... View more

Hi David, I am trying to create custom dashboard report that lists the top N source to destination conversation by bit rate (bps) and traffic volume (Total MB/GB). Post this i wanted to include other fields like port and Interface ID's as well. Thanks, AKG ... View more

Hi, I have ingested netflow and sflow wire data from our Juniper switches. But there is no visualization app with inbuilt/default dashboards. Can someone help with SPL queries or apps that can visualize the data similar to Manage Engine/Solarwinds dashboards? Thanks, AKG ... View more