All Apps and Add-ons

How to detect TCP Connection time_taken, TCP Connection Refused, and TCP Connection Timed out with Splunk Stream?

haley_swarnapat
Path Finder

I have several questions regarding Splunk Stream for TCP protocol:

  1. How to measure time_taken for TCP Connection establishment between TCP SYN and SYN-ACK using Splunk Stream?
  2. How to detect TCP Connection Refused? How to measure the time_taken for it?
  3. Can we detect TCP Connection Timed Out or when the client decides to cancel the TCP Connection request?

Many thanks before,
Haley

0 Karma
1 Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee

Hello @haley_swarnapati,

1) Stream doesn't specifically calculate handshake time (SYN-ACK time - SYN time)

2) and 3): check for tcp_status filed values as follows: 0 - connection established; 1 - connection refused (with RST); 2 - connection ignored by the server/timed out

View solution in original post

0 Karma

vshcherbakov_sp
Splunk Employee
Splunk Employee

Hello @haley_swarnapati,

1) Stream doesn't specifically calculate handshake time (SYN-ACK time - SYN time)

2) and 3): check for tcp_status filed values as follows: 0 - connection established; 1 - connection refused (with RST); 2 - connection ignored by the server/timed out

0 Karma

haley_swarnapat
Path Finder

Thanks for your answer!

Btw, is there any roadmap to measure the handshake time?

We are facing firewall performance issue here, that sometimes it takes around 1000 milliseconds just to create a new tcp connection. The problem is we need to show evidence how often does it occur, how long, and when precisely?

0 Karma
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...