Splunk Enterprise

Whitelist network traffic

wbolten
Path Finder

Hi, 

I am using the UF to collect data from the system. Using the following stanza I seem to receive all the information in regards to the bytes sent and received. That is too much information for me. I am interested in traffic generated by a specific process, or processes.

To be able to do this, I currently have the following stanza live, but it still seems to be sending everything. Not using the whitelist option. I also don't see the option in the documentation, so that would not surprise me.

[perfmon://Network Adapter WebEx]
counters = Bytes Received/sec;Bytes Sent/sec
instances = *
whitelist = *.webex.com
interval = 60
mode = single
object = Network Interface
index = xxxyyyzzz
useEnglishOnly = true
sourcetype = xxxyyyzzz:Network Adapter
disabled = 0

What would be the best way, if even possible, to only catch the network traffic for a specific process or processes?

Besides traffic I am also interested in other metrics such as errors, dropped packets etc. Maybe I am going about this the wrong way. Any help would be appreciated. 
