italyposa.blogg.se

Netflow monitor




Using FNF Top N Talkers to analyse network traffic

No configuration tasks are associated with the Flexible NetFlow Top N Talkers Support feature; it uses show commands only.

General commands to show the FNF setup:

    show run flow exporter

There are three basic commands that can be used individually or combined to filter, aggregate and sort the flow monitor cache. The aggregate command aggregates the flow monitor cache data with a different record than the cache was created with. Note that when the top keyword is not used with a sort, the default number of sorted flows shown is 20.

    show flow monitor cache filter options

Example Filter - Filters the flow monitor cache data on the IPv4 type of service (ToS) value:

    show flow monitor cache filter ipv4 tos regexp 0x(C0|50)

Example Aggregate - Aggregates the flow monitor cache data on the IPv4 destination address and displays the cache data for the IPv4 protocol type and input interface nonkey fields:

    show flow monitor cache aggregate ipv4 destination address collect ipv4 protocol interface input

Example Sort - Displays the cache data sorted on the number of packets from highest to lowest and limits the output to the three highest volume flows (Displaying the Top N Talkers with Sorted Flow Data):

    show flow monitor cache sort highest counter packets top 3

The following example combines filtering, aggregation, collecting additional field data, sorting the flow monitor cache data, and limiting the display output to a specific number of high volume flows (top talkers):

    show flow monitor cache filter ipv4 protocol regexp (1|6) aggregate ipv4 destination address collect ipv4 protocol sort counter bytes top 4

The following example combines filtering using a regular expression, aggregation using a predefined record, sorting the flow monitor cache data, limiting the display output to a specific number of high volume flows (top talkers), and displaying the output in record format:

    show flow monitor cache filter ipv4 source address regexp 10.* aggregate record netflow ipv4 protocol-port sort transport destination-port top 5 format record

Example Filtering Using Multiple Filtering Criteria - The following example filters the cache data on the IPv4 destination address and the destination port:

    show flow monitor cache filter ipv4 destination address regexp 172.16.

This project contains all the components and documentation necessary to start collecting and visualizing NetFlow data using Splunk.
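As an added illustration (not code from the original page or from Cisco), the following Python model shows what the filter, aggregate, sort and top keywords compute when they are combined on a flow cache, using the protocol regexp (1|6) example. The flow records are constructed sample data, the function and field names are hypothetical, and treating the regexp as a full match on the field value is an assumption of this model.

```python
import re
from collections import defaultdict

# Constructed sample cache entries (not real device output).
FLOWS = [
    {"src": "10.1.1.5", "dst": "172.16.10.2", "proto": 6,  "bytes": 120000, "packets": 150},
    {"src": "10.1.1.6", "dst": "172.16.10.2", "proto": 6,  "bytes": 80000,  "packets": 90},
    {"src": "10.1.2.9", "dst": "172.16.1.84", "proto": 1,  "bytes": 3000,   "packets": 50},
    {"src": "10.1.1.5", "dst": "172.16.1.85", "proto": 17, "bytes": 900000, "packets": 700},
    {"src": "10.1.3.3", "dst": "172.16.1.86", "proto": 6,  "bytes": 45000,  "packets": 60},
    {"src": "10.1.3.4", "dst": "172.16.6.1",  "proto": 6,  "bytes": 7000,   "packets": 12},
    {"src": "10.1.3.4", "dst": "172.16.7.7",  "proto": 1,  "bytes": 500,    "packets": 5},
]

DEFAULT_TOP = 20  # per the page: rows shown when "top" is not given with a sort


def flow_filter(flows, field, pattern):
    """Model of 'filter <field> regexp <pattern>'.
    Assumption: the pattern must match the whole field value."""
    rx = re.compile(pattern)
    return [f for f in flows if rx.fullmatch(str(f[field]))]


def aggregate(flows, key):
    """Model of 'aggregate <key>': merge flows that share the key field,
    summing their byte and packet counters."""
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0, "flows": 0})
    for f in flows:
        t = totals[f[key]]
        t["bytes"] += f["bytes"]
        t["packets"] += f["packets"]
        t["flows"] += 1
    return [{key: k, **v} for k, v in totals.items()]


def sort_top(rows, counter, top=DEFAULT_TOP):
    """Model of 'sort highest counter <counter> top <n>'."""
    return sorted(rows, key=lambda r: r[counter], reverse=True)[:top]


def top_talkers(flows, proto_regex="(1|6)", top=4):
    """filter ipv4 protocol regexp (1|6) -> aggregate ipv4 destination
    address -> sort counter bytes -> top 4 (the 'collect' step is omitted)."""
    kept = flow_filter(flows, "proto", proto_regex)
    return sort_top(aggregate(kept, "dst"), "bytes", top)


if __name__ == "__main__":
    for row in top_talkers(FLOWS):
        print(row)
```

In this sample the UDP flow carries the most bytes, yet it never appears in the result because the filter runs before aggregation and sorting; a top-talker view is only as complete as the filter in front of it.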





