Splunk Enterprise

Whitelist network traffic

wbolten
Path Finder

Hi, 

I am using the UF to collect data from the system. Using the following stanza I seem to receive all the information in regards to the bytes sent and received. That is too much information for me. I am interested in traffic generated by a specific process, or processes.

To be able to do this I have currently the following stanza live but it seems to be still sending everything. Not using the whitelist option. I also don't  see the option in the documentation so that would not surprise me. 

[perfmon://Network Adapter WebEx]
counters = Bytes Received/sec;Bytes Sent/sec
instances = *
whitelist = *.webex.com
interval = 60
mode = single
object = Network Interface
index = xxxyyyzzz
useEnglishOnly = true
sourcetype = xxxyyyzzz:Network Adapter
disabled = 0

 What would be the best way, if even possible, to only catch and the network traffic for a specific process or processes? 

Besides traffic I am also interested in other metrics such as errors, dropped packets etc. Maybe I am going about this the wrong way. Any help would be appreciated. 

Tags (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...