Hello, I'm trying to summarize the amount of data used by an
application, host, etc. over a given period of time. I'm syslogging to
Splunk and seeing the following problem: long running sessions are
logged every 2 minutes with the cumulative amount ...
Thanks Frosty - that worked too:

eventtype=ftnt_fgt_traffic logid != "0000000020" | eval GigaBytes=bytes/1024/1024/1024 | stats sum(GigaBytes) as Total_GigaBytes by app | sort -Total_GigaBytes

I would say the only drawback is long running sessions a...
This Splunk search probably isn't efficient, but does what I need it to
do (the most recent syslog for a given sessionid is used to extract the
total bytes and application -> I then total bytes based on application
and finally sort based on largest a...
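As an added illustration of the double-counting problem and the "most recent syslog per sessionid" fix described in this thread (example code, not from any poster or from Fortinet/Splunk), the script below parses constructed FortiGate-style traffic lines, sums bytes per app naively, and then sums only the latest event per sessionid, the way a `dedup sessionid` after a time sort would. The field names, timestamps and byte counts are assumptions chosen for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real captured logs). Session 100 is a
# long-running session reported every 2 minutes with cumulative counters.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 logid="0000000013" sessionid=100 app="HTTPS" sentbyte=1000 rcvdbyte=4000',
    'date=2024-01-01 time=10:02:00 logid="0000000013" sessionid=100 app="HTTPS" sentbyte=2000 rcvdbyte=9000',
    'date=2024-01-01 time=10:04:00 logid="0000000013" sessionid=100 app="HTTPS" sentbyte=3000 rcvdbyte=12000',
    'date=2024-01-01 time=10:01:00 logid="0000000013" sessionid=200 app="DNS" sentbyte=100 rcvdbyte=300',
    'date=2024-01-01 time=10:03:00 logid="0000000020" sessionid=300 app="SSH" sentbyte=500 rcvdbyte=500',
]

# key=value pairs, either quoted ("...") or bare (no whitespace)
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one syslog line into a dict with a datetime and a total byte count."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    fields["_time"] = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    fields["bytes"] = int(fields["sentbyte"]) + int(fields["rcvdbyte"])
    return fields


def traffic_events(lines):
    """Mirror the thread's search filter: drop events with logid 0000000020."""
    return [e for e in map(parse_line, lines) if e["logid"] != "0000000020"]


def naive_sum_by_app(lines):
    """Sum every event's bytes per app: cumulative session logs get counted repeatedly."""
    totals = defaultdict(int)
    for e in traffic_events(lines):
        totals[e["app"]] += e["bytes"]
    return dict(totals)


def latest_per_session_sum_by_app(lines):
    """Keep only the newest event per sessionid, then sum per app and sort descending."""
    latest = {}
    for e in traffic_events(lines):
        sid = e["sessionid"]
        if sid not in latest or e["_time"] > latest[sid]["_time"]:
            latest[sid] = e
    totals = defaultdict(int)
    for e in latest.values():
        totals[e["app"]] += e["bytes"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))
```

With the sample, the naive sum reports 31000 bytes for HTTPS while the per-session sum reports the 15000 bytes the last cumulative log actually carried.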