Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Monitoring services and process and which port using

test_qweqwe
Builder
‎12-18-2017 08:05 AM

HI.
I know how to monitoring process and services in Windows, but I don't know how to see port which use process/service.
All logs that I have right now and including process/services not have any fields with ports.
For example, I wanna make one table which will include service/process and port. How can I realize it?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adigrio
Path Finder
‎12-18-2017 08:58 AM

On Splunk Windows 64-bit installations you can configure a Splunk network monitoring data input to collect this type of information:

alt text

This will collect quite a lot of details about each TCP/IP connection on that system. Here is a sample list:

alt text

View solution in original post

netstats.png
Preview file
74 KB
eventnetstats.png
Preview file
30 KB
Reply
Solved! Jump to solution
Solution

adigrio
Path Finder
‎12-18-2017 08:58 AM

On Splunk Windows 64-bit installations you can configure a Splunk network monitoring data input to collect this type of information:

alt text

This will collect quite a lot of details about each TCP/IP connection on that system. Here is a sample list:

alt text

netstats.png
Preview file
74 KB
eventnetstats.png
Preview file
30 KB
Reply
Solved! Jump to solution

ttovarzoll
Path Finder
‎04-30-2020 03:22 PM

This looks great but I don't see an input-type, "Splunk network monitoring" when I try to add it to my Splunk Enterprise 7.3 environment. Is that a particular add-on or app?

0 Karma
Reply
Solved! Jump to solution

jacobpevans
Motivator
‎06-11-2020 05:22 AM

Splunk Add-on for Microsoft Windows

https://splunkbase.splunk.com/app/742/

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
Tags (1)
0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎12-18-2017 08:49 AM

Preempting your reply.

If your universal forwarders are *nix based, the splunk_TA_nix TAcomes with an input called openPortsEnhanced.sh which you can enable.
Add the following to your inputs.conf in the TA.

[script://./bin/openPortsEnhanced.sh]
disabled = false

It will yield results as follows:

Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8089 pid=34624 user=splunk fd=5u ip_version=4 dvc_id=46637453 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8000 pid=34624 user=splunk fd=53u ip_version=4 dvc_id=46655525 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=mongod dest_ip=* dest_port=8191 pid=36671 user=splunk fd=5u ip_version=4 dvc_id=46645516 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=python dest_ip=127.0.0.1 dest_port=8065 pid=36831 user=splunk fd=15u ip_version=4 dvc_id=46655518 transport=TCP
If my comment helps, please give it a thumbs up!
Reply
Solved! Jump to solution

test_qweqwe
Builder
‎12-18-2017 01:16 PM

Thank you for answer!

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎12-18-2017 08:40 AM

Is this on a universal forwarder - and which OS?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
li.common.scroll-to.top