Splunk Enterprise

Whitelist network traffic

wbolten
Path Finder

Hi, 

I am using the UF to collect data from the system. Using the following stanza I seem to receive all the information in regards to the bytes sent and received. That is too much information for me. I am interested in traffic generated by a specific process, or processes.

To be able to do this I currently have the following stanza live, but it seems to be still sending everything. Not using the whitelist option. I also don't see the option in the documentation so that would not surprise me.

[perfmon://Network Adapter WebEx]
counters = Bytes Received/sec;Bytes Sent/sec
instances = *
whitelist = *.webex.com
interval = 60
mode = single
object = Network Interface
index = xxxyyyzzz
useEnglishOnly = true
sourcetype = xxxyyyzzz:Network Adapter
disabled = 0

What would be the best way, if even possible, to only catch the network traffic for a specific process or processes?

Besides traffic I am also interested in other metrics such as errors, dropped packets etc. Maybe I am going about this the wrong way. Any help would be appreciated. 
