Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot connectivity issues using Splunk?

trentsnowbarger
New Member
‎09-14-2022 09:38 AM

a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk captures logs from our firewalls and other network devices. 
What are some search strings I would use, or how would I start using Splunk to troubleshoot historical (not live) connection issues going out to a website?

I know this is a broad question, but I'm just looking for some ideas on where to start. Thank you.

Labels (1)
Labels
0 Karma
Reply

smurf
Communicator
‎09-15-2022 07:11 AM

Hi,

first, I would look if a firewall dropped anything. So search the index with firewall logs for the user's IP address and the website's IP address, most likely port 80 or 443 since it is a website. I would do the same for any other network device like IPS/IDS. 

Hope this helps, at least a little.

smurf

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...