Hi,
We are trying to analyze traffic on TCP ports, both inbound and outbound, in Splunk ES, excluding ports 80 and 443.
Hi shivarpith, something like this will show you what the Network Traffic Datamodel is seeing:
| datamodel Network_Traffic All_Traffic search | search All_Traffic.src_port!=80 All_Traffic.src_port!=443 All_Traffic.dest_port!=80 All_Traffic.dest_port!=443
This will give you the raw events.
Please let me know if this helps!
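To make the exclusion logic in that search concrete, here is an added Python example (not from this thread or from Splunk) that applies the same port filter to a handful of constructed CIM-style All_Traffic rows and then sums bytes per destination port. It also models the one SPL subtlety worth knowing about the answer's `field!=value` form: events where `src_port` or `dest_port` is missing are dropped by `!=`, whereas `NOT field=value` would keep them. The event rows, IPs and byte counts are all made up for illustration.

```python
"""Simulate the Network_Traffic port-exclusion search over constructed events.

The answer's search uses `All_Traffic.src_port!=80 ... All_Traffic.dest_port!=443`.
In SPL, `field!=value` only matches events where the field EXISTS and differs,
while `NOT field=value` also matches events that lack the field entirely.
Both variants are modelled below so the difference is visible on sample data.
"""
from collections import Counter

EXCLUDED_PORTS = {80, 443}

# Constructed sample rows shaped like CIM All_Traffic events (not real traffic).
SAMPLE_EVENTS = [
    {"src_ip": "10.1.1.5", "src_port": 51234, "dest_ip": "203.0.113.10", "dest_port": 443, "bytes": 5200},
    {"src_ip": "203.0.113.10", "src_port": 80, "dest_ip": "10.1.1.5", "dest_port": 52000, "bytes": 1800},
    {"src_ip": "10.1.1.7", "src_port": 51235, "dest_ip": "10.1.2.20", "dest_port": 22, "bytes": 900},
    {"src_ip": "198.51.100.4", "src_port": 51236, "dest_ip": "10.1.1.9", "dest_port": 3389, "bytes": 42000},
    # src_port deliberately missing, as happens with some firewall/DNS sources.
    {"src_ip": "10.1.1.8", "dest_ip": "10.1.2.53", "dest_port": 53, "bytes": 120},
    {"src_ip": "10.1.1.7", "src_port": 51237, "dest_ip": "10.1.2.21", "dest_port": 445, "bytes": 7600},
]


def passes_not_equal(event, field, excluded):
    """SPL `field!=value` semantics: the field must be present and not excluded."""
    return field in event and event[field] not in excluded


def passes_not_clause(event, field, excluded):
    """SPL `NOT field=value` semantics: a missing field also passes."""
    return event.get(field) not in excluded


def filter_non_web_traffic(events, excluded=EXCLUDED_PORTS, keep_missing=False):
    """Drop any event whose src_port or dest_port is in `excluded`.

    keep_missing=False mirrors the answer's `!=` search; keep_missing=True
    mirrors the `NOT field=value` form, which also retains events that lack
    the port field.
    """
    test = passes_not_clause if keep_missing else passes_not_equal
    return [
        e for e in events
        if test(e, "src_port", excluded) and test(e, "dest_port", excluded)
    ]


def bytes_by_dest_port(events):
    """Sum the bytes field per destination port, like `stats sum(bytes) by dest_port`."""
    totals = Counter()
    for e in events:
        totals[e["dest_port"]] += e.get("bytes", 0)
    return dict(totals)


if __name__ == "__main__":
    strict = filter_non_web_traffic(SAMPLE_EVENTS)
    lenient = filter_non_web_traffic(SAMPLE_EVENTS, keep_missing=True)
    print("!= form keeps dest_ports:", [e["dest_port"] for e in strict])
    print("NOT form keeps dest_ports:", [e["dest_port"] for e in lenient])
    print("bytes by dest_port (!= form):", bytes_by_dest_port(strict))
```

Note that filtering on both `src_port` and `dest_port` is what removes web traffic in both directions: an inbound response from port 80 to a high ephemeral port is excluded just as an outbound request to port 443 is. If your data source sometimes omits `src_port`, decide explicitly whether those events should survive the filter, because the `!=` and `NOT` forms disagree on them.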
It works for me, big thanks 🙂