I need to find a way to figure out how to get the Max Mbps per day over the course of a certain time frame, say a week. I currently have a search that gets some information from the Palo Alto logs, but some of the data looks incorrect; we only have a 100 Mbps connection to the outside world, which is "Ethernet 1/12"... What is wrong with this search, and how can I get the results I am looking for? Thanks in advance, Chris.
index=pan* src_interface="ethernet1/12" | bin _time span=1s | stats sum(eval((bytes_in*8/1024)/1024)) as BI by _time | eval day=_time | bin day span=1d | eventstats max(BI) as "Max BI" by day | dedup "Max BI" | eval date_string=strftime(_time,"%m/%d/%y %H:%M:00") | chart first("Max BI") as "Max Mbps In" by date_string
And the results (incorrect):
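An added example, not part of the original post: if each firewall traffic log is a session-end summary whose `bytes_in` covers the whole session, summing it into 1-second bins by log time credits every byte to the final second and can exceed the link speed. The sketch below compares that with spreading each session's bytes evenly over its duration; the elapsed-seconds field, the uniform-rate approximation and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

def ts(text):
    """Parse a UTC timestamp string into epoch seconds."""
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())

# Constructed records: (session_end_epoch, elapsed_seconds, bytes_in).
# elapsed_seconds is a hypothetical field name for the session duration.
SESSIONS = [
    (ts("2024-01-01 10:10:00"), 600, 3_000_000_000),  # 10-minute transfer
    (ts("2024-01-01 10:10:00"), 10, 50_000_000),      # short overlapping session
    (ts("2024-01-02 09:00:05"), 5, 25_000_000),
]

def mbps(byte_count):
    """Bytes moved in one second -> megabits per second (decimal, 10**6)."""
    return byte_count * 8 / 1_000_000

def _daily_max(bytes_per_second):
    """Reduce a {epoch_second: bytes} map to {mm/dd/yy: peak Mbps}."""
    peaks = defaultdict(float)
    for second, nbytes in bytes_per_second.items():
        day = datetime.fromtimestamp(second, timezone.utc).strftime("%m/%d/%y")
        peaks[day] = max(peaks[day], mbps(nbytes))
    return dict(peaks)

def daily_peak_naive(sessions):
    """Mirror the 1-second bin: all session bytes land on the log timestamp."""
    per_second = defaultdict(int)
    for end, _elapsed, nbytes in sessions:
        per_second[end] += nbytes
    return _daily_max(per_second)

def daily_peak_spread(sessions):
    """Spread each session's bytes evenly over the seconds it was active."""
    per_second = defaultdict(float)
    for end, elapsed, nbytes in sessions:
        seconds = max(elapsed, 1)  # guard against zero-length sessions
        for second in range(end - seconds, end):
            per_second[second] += nbytes / seconds
    return _daily_max(per_second)

if __name__ == "__main__":
    print("naive :", daily_peak_naive(SESSIONS))
    print("spread:", daily_peak_spread(SESSIONS))
```

The uniform spread is only an estimate of the true rate; interface counters polled at a fixed interval give a measured peak rather than a reconstructed one.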