Hi Splunker,
How can I write the Splunk query to show the state of a port for a local address? The result of netstat covers all the ports on the particular server, and the results look like:
Proto Recv-Q Send-Q LocalAddress ForeignAddress State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
Now in this case, how shall I write the query if the State for port 111 changes from Listen to CLOSED_WAIT or Closed etc.?
Put that in a table for all the fields and search for State!= Listen
| table .....| search state!=Listen
Came here for the same question.
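A worked version of the approach in the answer above, added here as an example and not taken from any of the posts: it parses netstat lines into fields, keeps local port 111, and lists each socket whose State differs from the previous poll. The sample rows (with a poll number prefixed to each) are constructed, and the `rex` pattern and the field names `poll`, `Proto`, `LocalAddress`, `LocalPort`, `ForeignAddress`, `State` and `PrevState` are assumptions; against real data, replace the first four lines with the search that returns your netstat events, one line per event, and point `rex` at that field.

```spl
| makeresults
| eval sample=split("1,tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN;1,tcp 0 0 10.0.0.5:111 10.0.0.9:51234 ESTABLISHED;1,tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN;2,tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN;2,tcp 0 0 10.0.0.5:111 10.0.0.9:51234 CLOSE_WAIT;2,tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN", ";")
| mvexpand sample
| rex field=sample "^(?<poll>\d+),(?<Proto>\S+)\s+\d+\s+\d+\s+(?<LocalAddress>\S+):(?<LocalPort>\d+)\s+(?<ForeignAddress>\S+)\s+(?<State>\S+)$"
| eval _time=_time + tonumber(poll) * 60
| search LocalPort=111
| sort 0 _time
| streamstats current=f window=1 last(State) AS PrevState BY LocalAddress LocalPort
| where isnotnull(PrevState) AND State!=PrevState
| table _time Proto LocalAddress LocalPort ForeignAddress PrevState State
```

With the constructed rows this returns one result, the 10.0.0.5:111 socket going from ESTABLISHED to CLOSE_WAIT; the 0.0.0.0:111 listener stays LISTEN in both polls and is not reported.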