Splunk Enterprise

How to search destination IP address and destination port of an application running on multiple servers.

abassydo2018
Explorer

I have multiple servers running an application and I would like to see the destination IP address and destination port these servers are talking to through Splunk. Please bear with me, I am new to Splunk.
The servers can be identified as SIBAxyzP=hostname.

Thanks,
Abassydo

0 Karma

abassydo2018
Explorer

I tried to use the string below, but I got no results found. Please help and advise.

index=palo_alto hostname=SIBAxyzP src_ip=* | table src_ip dest_ip dest_port

0 Karma

xpac
SplunkTrust

Could you please post some sample log data? Not the search string you use, but some of the log data you have in Splunk.

0 Karma

somesoni2
Revered Legend

Can we have some sample log entries?

0 Karma