Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to raise the alert for sourcetype=netstat

sarvesh_11
Communicator
‎11-13-2019 03:20 AM

Hi Splunker,

How can i Write the splunk query to show the state of a port for local address? The result of netstat is for the whole ports on the particular server, and the results be like:

Proto Recv-Q Send-Q LocalAddress ForeignAddress State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN

Now in this case, how shall i write the query if the State for port 111 changes from Listen to CLOSED_WAIT or Closed etc...?

Reply

SinghK
Builder
‎12-03-2021 04:40 AM

Put that in a table for all the fields and search for State!= Listen

0 Karma
Reply

SinghK
Builder
‎12-03-2021 04:41 AM

| table .....| search state!=Listen

0 Karma
Reply

lbruhns
Explorer
‎12-02-2021 11:59 AM

came here for same question

 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...