Solved: How to search the number of bytes sent/received by...

pierra56 · ‎07-24-2014

I'm blocking.

I would like to appear in the form of a graph or table, the number of bytes that my top 5 IP addresses consume. I do not understand exactly what is meant by the "count" in variable "sent" to fortigate log. Have you any idea?

somesoni2 · ‎07-28-2014

How about this?

sourcetype=mynetworkdata | stats sum(sent_bytes) as send sum(rcvd_bytes) as receive by src_ip_addr (column 1) | sort - send,receive | head 5

View solution in original post

somesoni2 · ‎07-28-2014

How about this?

sourcetype=mynetworkdata | stats sum(sent_bytes) as send sum(rcvd_bytes) as receive by src_ip_addr (column 1) | sort - send,receive | head 5

pierra56 · ‎07-28-2014

Thx for your response.
I would like to add another column. It is the separator to use ? this "|"
for exemple:
sourcetype=mynetworkdata |
stats sum(sent_bytes) as send by src_ip_addr (column 1) | sort - send
stats sum(rcvd_bytes) as receive by src_ip_addr (column 2) | sort - receive
| head 5

gkanapathy · ‎07-26-2014

I was with you until you started asking about "count", as that comes with no context. The first part of your question is probably:

sourcetype=mynetworkdata | stats sum(bytes) as bytes by src_ip_addr | sort - bytes | head 5

somesoni2 · ‎07-24-2014

You're looking for a search query to get the information which can be used in form of table graph? (the command line in the question is just confusiong).

Have a look at this as well. http://answers.splunk.com/answers/138212/top-10-ip-along-w-top-4-ports

How to search the number of bytes sent/received by top 5 IP addresses in my fortigate firewall?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!