how to show top talker information based on the CS...

tailesley · ‎08-23-2011

HI,

Im very new to Splunk, i still learning to get splunk work to provide a high level report to the management to review. I have the data extracted from a csv file below. I would like to show the top talkers based on the IP address given below by adding both the byte_sent and byte_receive. How can i do this?

22/08/2011 21:38:59,IP-64.236.16.139,2263,7
22/08/2011 21:38:59,IP-64.128.203.22,115748,86

2263 is the byte_sent while 7 is the byte_received.
115748 is the byte_sent while 86 is the byte_received.

mzorzi · ‎08-23-2011

There are few ways to do this:

You can extract and name the fields using a Interactive Field Extractor included into Splunk. Here you can find link to documentation page and video:
- http://docs.splunk.com/Documentation/Splunk/latest/User/InteractiveFieldExtractionExample
- http://www.splunk.com/view/SP-CAAADUY
You can use the Field Extractor App:
- http://splunk-base.splunk.com/apps/22291/field-extractor
You can extract your fields using configuration files, like described here:
- http://splunk-base.splunk.com/answers/13580/teach-splunk-42-to-identify-positions-in-a-csv-file

how to show top talker information based on the CSV file received from analyzer

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases