Monitoring services and processes, and which port they use

test_qweqwe
Builder

Hi.
I know how to monitor processes and services in Windows, but I don't know how to see which port a process/service uses.
None of the logs I have right now, including the process/service logs, have any fields with ports.
For example, I want to make one table which includes service/process and port. How can I do that?

1 Solution

adigrio
Path Finder

On Splunk Windows 64-bit installations you can configure a Splunk network monitoring data input to collect this type of information:

[screenshot: network monitoring data input configuration; image not available]

This will collect quite a lot of details about each TCP/IP connection on that system. Here is a sample list:

[screenshot: sample list of collected connection fields; image not available]


ttovarzoll
Path Finder

This looks great, but I don't see an input type "Splunk network monitoring" when I try to add it to my Splunk Enterprise 7.3 environment. Is that a particular add-on or app?


jacobpevans
Motivator

Splunk Add-on for Microsoft Windows

https://splunkbase.splunk.com/app/742/

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.

nickhills
Ultra Champion

Preempting your reply.

If your universal forwarders are *nix based, the splunk_TA_nix TA comes with an input called openPortsEnhanced.sh which you can enable.
Add the following to your inputs.conf in the TA.

[script://./bin/openPortsEnhanced.sh]
disabled = false

It will yield results as follows:

Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8089 pid=34624 user=splunk fd=5u ip_version=4 dvc_id=46637453 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8000 pid=34624 user=splunk fd=53u ip_version=4 dvc_id=46655525 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=mongod dest_ip=* dest_port=8191 pid=36671 user=splunk fd=5u ip_version=4 dvc_id=46645516 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=python dest_ip=127.0.0.1 dest_port=8065 pid=36831 user=splunk fd=15u ip_version=4 dvc_id=46655518 transport=TCP

If my comment helps, please give it a thumbs up!
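The events above are plain key=value pairs after a free-text timestamp, which is what makes them easy to turn into the process/port table the question asks for. The following Python is an added example written for this thread, not code from the Splunk_TA_nix add-on or from any poster: it parses events in that format, groups listeners by process and PID, and flags any (app, port) pair not on a baseline allowlist. The sample events are constructed from the format shown above, and the allowlist and the `unexpected_listeners` check are assumptions about how a defender would use the data (Splunk itself extracts key=value fields at search time, so the same grouping is a `stats values(dest_port) by app, pid` there).

```python
"""Parse openPortsEnhanced.sh-style key=value events into a process/port table."""
import re
from collections import defaultdict

# Constructed sample events (not captured from a real host) in the format the
# script emits: a free-text timestamp, then space-separated key=value pairs.
# The last line is deliberately malformed to show it is skipped, not crashed on.
SAMPLE_EVENTS = """\
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8089 pid=34624 user=splunk fd=5u ip_version=4 dvc_id=46637453 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8000 pid=34624 user=splunk fd=53u ip_version=4 dvc_id=46655525 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=mongod dest_ip=* dest_port=8191 pid=36671 user=splunk fd=5u ip_version=4 dvc_id=46645516 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=python dest_ip=127.0.0.1 dest_port=8065 pid=36831 user=splunk fd=15u ip_version=4 dvc_id=46655518 transport=TCP
this line carries no fields and is skipped
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = ("app", "dest_port", "pid", "transport", "dest_ip")


def parse_event(line):
    """Return a dict of fields (plus 'time') for one event, or None if it is not usable."""
    line = line.strip()
    first = KV_RE.search(line)
    if first is None:
        return None
    fields = dict(KV_RE.findall(line))
    if any(k not in fields for k in REQUIRED):
        return None
    # Everything before the first key=value pair is the timestamp prefix.
    fields["time"] = line[: first.start()].strip()
    # Numeric fields become ints so sorting and comparison behave sensibly.
    fields["dest_port"] = int(fields["dest_port"])
    fields["pid"] = int(fields["pid"])
    return fields


def parse_events(text):
    """Parse every usable line of a multi-line event dump."""
    return [e for e in (parse_event(ln) for ln in text.splitlines()) if e]


def listening_table(events):
    """Group listeners as {(app, pid): sorted [(transport, dest_ip, dest_port), ...]}."""
    table = defaultdict(set)
    for e in events:
        table[(e["app"], e["pid"])].add((e["transport"], e["dest_ip"], e["dest_port"]))
    return {key: sorted(val) for key, val in table.items()}


def unexpected_listeners(events, allowed):
    """Return events whose (app, dest_port) is not in the baseline allowlist.

    `allowed` is a set of (app, port) tuples describing what the host should be
    listening on; anything else is worth a look (new service, changed port).
    """
    return [e for e in events if (e["app"], e["dest_port"]) not in allowed]


def render_table(table):
    """Render the grouped table as aligned text, one row per (app, pid)."""
    rows = ["%-10s %-7s %s" % ("app", "pid", "listeners")]
    for (app, pid), listeners in sorted(table.items()):
        desc = ", ".join("%s %s:%d" % l for l in listeners)
        rows.append("%-10s %-7d %s" % (app, pid, desc))
    return "\n".join(rows)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(render_table(listening_table(evs)))
    # Hypothetical baseline for this host (an assumption for the demo).
    baseline = {("splunkd", 8089), ("splunkd", 8000), ("mongod", 8191)}
    for e in unexpected_listeners(evs, baseline):
        print("unexpected listener:", e["app"], e["pid"], e["dest_port"])
```

Run it as a script to see the table plus one flagged row (the `python` process on 8065, which is not in the constructed baseline). Ports bound to `*` are listening on all interfaces; keeping `dest_ip` in the table is what lets you separate those from loopback-only services when deciding what the baseline should contain.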

test_qweqwe
Builder

Thank you for answer!


nickhills
Ultra Champion

Is this on a universal forwarder - and which OS?

If my comment helps, please give it a thumbs up!