examples of searches to capture network thruput

Kendrick33 · ‎10-05-2010

Do you have any examples of searches capturing network thruput?

Simeon · ‎10-05-2010

Splunk will track the top 10 inputs based on source and host. To retrieve that information, you could run the following search:

index=_internal source=*metrics.log* per_host_thruput | timechart sum(kb) by series

To increase the number of tracked inputs, you can set that in your limits.conf file for metrics tracking.

Genti · ‎10-05-2010

how about this:

index="_internal" source="*metrics.log*" per_host_thruput | timechart max(kbps) by series | addtotals

Kendrick33 · ‎10-05-2010

I am monitoring a cluster of servers and am trying to capture the network thruput by host. I know splunk has a basic one out of the box. Thrput_by_host(*). However, I would like to be able to pinpoint the thruput of each server. When I attempted to hone the search, I couldn't get any data back. For example

Thruput_by_host(*) | timechart span=24h avg(Thruput_by_host()) as AvgHostThruput, AvgHostThruput renders nothing.

Simeon · ‎10-05-2010

Your question is not very clear without any information about the data source (input).

examples of searches to capture network thruput

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...