1 2 Previous Next 17 Replies Latest reply on May 22, 2012 3:58 PM by sroering

    Web Reporter - Bandwidth by Subnet?


      I see that it's possible to do a bandwidth report by IP, but could I do a comparison of different subnets?



        • 1. Re: Web Reporter - Bandwidth by Subnet?

          The answer is "sort of".


          The Add/Edit dialog for IP Filters has options for adding IP Ranges, but not subnets.  Switch the radio button from "Search database" to "Add manually" and you will have the option to add IP ranges.

          1 of 1 people found this helpful
          • 2. Re: Web Reporter - Bandwidth by Subnet?

            The range is helpful thank you


            Is there a way I can get a total for a subnet to compare against others?

            • 3. Re: Web Reporter - Bandwidth by Subnet?

              Well, not really.. but you gave me a better idea that would solve the problem.


              use the user-defined columns with a customer rule-set.


              1) Make sure you are saving detail data on your log source processing options.

              2) Create a custom rule set that maps IP addresses into Subnets (Administration > Setup > Log Sources > Custom Rule Sets

              Replace 10\.10\.1\..* with

              Replace 10\.10\.2\..* with




              3) Enable user-defined columns and add your ruleset

                 a) Edit your log source and go to the user-defined colums tab

                 b) Enable "Popluate this column"

                 c) From the Log record drop down, select "client domain or ip address"

                 d) Check the box to "apply this ruleset", and select your ruleset you created in step 2.




              4) Import log data

              5) Create an advanced report with a query on the detail data set that has the user-defined column and bytes




              6) On the layout tab of the query, check the box for "Combine similar data in the results"

              7) On the column properties tab of the query, you can set the name for "user defined 1" on the report and set the sort order based on bytes.





              • 4. Re: Web Reporter - Bandwidth by Subnet?

                I ended up with one column with a bunch of data and 19 others with none



                • 5. Re: Web Reporter - Bandwidth by Subnet?

                  Given that there appears to be about 600Gb, I would assume that every ip is getting mapped into the same subnet....


                  Go back and modify


                  the rule-set.  If you haven't already done so, it looks like you will need to use our IPV6 format on the "replace" side...  Sorry, I didn't actually test this when I made the screenshots. Regardless if the IP is IPV4 or IPV6, Web Reporter converts IP addresses into IPV6 strings to be stored in the database. Apparently the rule set is getting the converted string instead of the original.


                  Again, this isn't tested, but this should be closer to what you need for the rule-set.


                  replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with

                  replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:02[0-9]{2} with



                  5 blocks of 4-zeros

                  1 block of 4-f's

                  last 8 characters are for the IPV4 address in hex form.


                  Good news is that your subnets for the reports can be mapped back to IPV4 by the ruleset.

                  • 6. Re: Web Reporter - Bandwidth by Subnet?

                    And another thing you can do is set the magnitude for bytes on the column properties of the query. Then you can display bytes in Mb or Gb, etc.

                    • 7. Re: Web Reporter - Bandwidth by Subnet?

                      We're almost there!


                      I'm not an expert with this kind of stuff, but it looks like your in your replace formula


                      replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with


                      the [0-9]{2} doesn't account for address that don't end in a number.


                      For example, = 0000:0000:0000:0000:0000:ffff:0a0a:011e therefore any addresses the end in a letter match the default $0



                      Also, just for reference, what language or  scheme is being used in the replace field?

                      • 8. Re: Web Reporter - Bandwidth by Subnet?

                        Figured it out by playing around!


                        Change [0-9]{2} to [a-f0-9]{2}


                        Running the reoprt now to see if it holds up.

                        • 9. Re: Web Reporter - Bandwidth by Subnet?

                          That's great.  BTW, the pattern matching is is using java regex. There's lots of tutorials on the net if you look around. I'm not a regex wizzard, but I can do the basics.


                          Hostly, I think this is a better solution to running IP address filters. I would also expect the performance to be a little better too.

                          1 2 Previous Next