Hi,
I'm very new to Splunk; I am still learning how to get Splunk to provide a high-level report for management to review. I have the data extracted from a CSV file below. I would like to show the top talkers based on the IP addresses given below by adding both the byte_sent and byte_received. How can I do this?
22/08/2011 21:38:59,IP-64.236.16.139,2263,7
22/08/2011 21:38:59,IP-64.128.203.22,115748,86
2263 is the byte_sent while 7 is the byte_received.
115748 is the byte_sent while 86 is the byte_received.
There are a few ways to do this:
You can extract and name the fields using the Interactive Field Extractor included in Splunk. Here you can find a link to the documentation page and video:
You can use the Field Extractor App:
You can extract your fields using configuration files, as described here:
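
An added example, not part of the original answer: a single search that extracts the four fields inline with rex from the two sample rows in the question, adds byte_sent and byte_received per IP, and sorts by the total to give the top talkers. The names raw, event_time, src_ip and total_bytes are assumptions made for this example, and the two rows are embedded so the search runs without indexed data; against real events, replace the first three lines with your base search and use field=_raw.

```spl
| makeresults
| eval raw=split("22/08/2011 21:38:59,IP-64.236.16.139,2263,7|22/08/2011 21:38:59,IP-64.128.203.22,115748,86", "|")
| mvexpand raw
| rex field=raw "^(?<event_time>[^,]+),IP-(?<src_ip>\d{1,3}(?:\.\d{1,3}){3}),(?<byte_sent>\d+),(?<byte_received>\d+)$"
| eval total_bytes = tonumber(byte_sent) + tonumber(byte_received)
| stats sum(byte_sent) AS byte_sent, sum(byte_received) AS byte_received, sum(total_bytes) AS total_bytes BY src_ip
| sort - total_bytes
| head 10
```

Rows that do not match the expected four-column layout get no extracted fields and drop out at the stats step, so a malformed line cannot inflate an IP's total.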