I have several questions regarding Splunk Stream for TCP protocol:
Many thanks before,
Haley
Hello @haley_swarnapati,
1) Stream doesn't specifically calculate handshake time (SYN-ACK time - SYN time)
2) and 3): check for tcp_status
filed values as follows: 0 - connection established; 1 - connection refused (with RST); 2 - connection ignored by the server/timed out
Hello @haley_swarnapati,
1) Stream doesn't specifically calculate handshake time (SYN-ACK time - SYN time)
2) and 3): check for tcp_status
filed values as follows: 0 - connection established; 1 - connection refused (with RST); 2 - connection ignored by the server/timed out
Thanks for your answer!
Btw, is there any roadmap to measure the handshake time?
We are facing firewall performance issue here, that sometimes it takes around 1000 milliseconds just to create a new tcp connection. The problem is we need to show evidence how often does it occur, how long, and when precisely?