- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- how to create a bandwidth monitor
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to create a bandwidth monitor
hi there
i am new on splunk, our NOC team wants to monitor the bandwidth (incoming and outgoing) on the 2 routers that connect to the Service provider, we want to make the search to be saved as dashboard and refresh every 15 minutes. kindly help with the search query that i can use on the search and reporting app
ov 8 08:55:01 0.0.0.0 name_of_device: 1171348: Nov 8 09:16:12.046 CAT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/40, vlan 110.([0000.0000.0000/0.0.0.0/0000.0000.0000/0.0.0.0/09:16:11 CAT Fri Nov 8 2019])
Nov 8 08:54:51 0.0.0.0 2019 Nov 8 08:54:12.001 CAT: %L2FM-4-L2FM_MAC_MOVE: Mac 0000.0000.0000 in vlan 1000 has moved from Po12 to Po300
Nov 8 08:54:36 name_of_device acllogs: Info: 1573196075.332 0 0.0.0.0 TCP_DENIED/407 0 POST http://name_of_device/SMS_FSP/.sms_fsp - NONE/- - OTHER-NONE-Fcon-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> -
thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this data already in your Splunk instance? if yes, please post a sample of your data
OR
Are you yet to onboard this data to your Splunk instance? If yes, you need to first ingest these logs. For help on this, we need more clarity on what format these logs are in
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i posted the data on the splunk, i cannot post everything, i changed the IPs to 0.0.0.0 and MAC address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for getting back to me, the data is in splunk and it is also coming in real time, can you guide me on to post the sample of the data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ikaneng
Here's how
1. Click on edit your question
2. Post sample evens from your index which resemble your original data, mask any proprietary/organizational information
3. Highlight your sample data and press the Code Sample button (The button with 1s and 0s)
4. Save your question
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
