Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to troubleshoot connectivity issues using Splunk?

trentsnowbarger
New Member
‎09-14-2022 09:38 AM

a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk captures logs from our firewalls and other network devices. 
What are some search strings I would use, or how would I start using Splunk to troubleshoot historical (not live) connection issues going out to a website?

I know this is a broad question, but I'm just looking for some ideas on where to start. Thank you.

Labels (1)
Labels
0 Karma
Reply

smurf
Communicator
‎09-15-2022 07:11 AM

Hi,

first, I would look if a firewall dropped anything. So search the index with firewall logs for the user's IP address and the website's IP address, most likely port 80 or 443 since it is a website. I would do the same for any other network device like IPS/IDS. 

Hope this helps, at least a little.

smurf

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...