I currently get events that show bytes received from a router. What I'm trying to do is use stats to obtain a sum of all traffic, then categorize traffic by apps.
Example:
Table:
| Sum of Bytes | 999 |
| Sum of Http Bytes | 89 |
| Sum of VoIP Bytes | 910 |
What my search looks like:
index=* | stats sum(Bytes) ,sum(Bytes) where [interface]="A" , sum(Bytes) where [interface]="B"