A customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk captures logs from our firewalls and other network devices.
What are some search strings I would use, or how would I start using Splunk to troubleshoot historical (not live) connection issues going out to a website?
I know this is a broad question, but I'm just looking for some ideas on where to start. Thank you.
Hi,
First, I would look at whether a firewall dropped anything. So search the index with firewall logs for the user's IP address and the website's IP address, most likely on port 80 or 443 since it is a website. I would do the same for any other network device, like an IPS/IDS.
Hope this helps, at least a little.
smurf
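As an added, offline illustration of the search smurf describes (this is not part of the original thread or of Splunk itself), the Python below parses a handful of constructed firewall log lines, keeps only blocked events that involve both the user's IP and the website's IP on port 80 or 443, and buckets the drops by hour so that "intermittent" becomes visible as a pattern in time. The index name, sourcetype and field names (`action`, `src_ip`, `dest_ip`, `dest_port`, `rule`) are assumptions in the style of the Splunk CIM; real names depend on your firewall vendor and the add-on that parses its logs. The equivalent Splunk search, under the same assumptions, is given in the module docstring.

```python
"""Offline mock of the historical firewall-drop search from the answer above.

Assumed Splunk equivalent (index, sourcetype and field names are assumptions;
adjust to whatever your firewall add-on extracts):

    index=firewall earliest=-7d@d latest=now
        ((src_ip=10.1.2.3 AND dest_ip=203.0.113.10) OR (src_ip=203.0.113.10 AND dest_ip=10.1.2.3))
        (dest_port=80 OR dest_port=443)
        (action=deny OR action=drop OR action=block*)
    | bin _time span=1h
    | stats count by _time dest_port rule
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not captured from any real device). The user
# is 10.1.2.3 and the website is 203.0.113.10; 198.51.100.7 and 10.1.2.9 are
# unrelated hosts that the search must ignore.
SAMPLE_LOGS = """\
2024-03-04T09:00:12Z fw1 action=allow src_ip=10.1.2.3 dest_ip=203.0.113.10 dest_port=443 proto=tcp rule=web-out
2024-03-04T09:05:40Z fw1 action=deny src_ip=10.1.2.3 dest_ip=203.0.113.10 dest_port=443 proto=tcp rule=geo-block
2024-03-04T09:06:02Z fw1 action=deny src_ip=10.1.2.3 dest_ip=203.0.113.10 dest_port=443 proto=tcp rule=geo-block
2024-03-04T09:30:00Z fw1 action=allow src_ip=10.1.2.3 dest_ip=203.0.113.10 dest_port=80 proto=tcp rule=web-out
2024-03-04T10:15:22Z fw1 action=deny src_ip=10.1.2.3 dest_ip=203.0.113.10 dest_port=80 proto=tcp rule=geo-block
2024-03-04T10:16:01Z fw1 action=deny src_ip=10.1.2.3 dest_ip=198.51.100.7 dest_port=443 proto=tcp rule=default-deny
2024-03-04T10:20:55Z fw1 action=allow src_ip=10.1.2.9 dest_ip=203.0.113.10 dest_port=443 proto=tcp rule=web-out
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
# Vendors spell "blocked" differently; normalise them the way CIM's action=blocked does.
DENY_ACTIONS = {"deny", "denied", "drop", "dropped", "block", "blocked", "reject"}


def parse_line(line):
    """Parse one 'timestamp host key=value ...' line into a dict of fields."""
    ts, host, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields["_time"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    fields["host"] = host
    return fields


def parse_logs(text):
    """Parse a block of log text, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_drops(events, user_ip, site_ip, ports=("80", "443")):
    """The answer's advice as a filter: blocked events that involve both the
    user's IP and the website's IP (either direction) on a web port."""
    drops = []
    for e in events:
        ips = {e.get("src_ip"), e.get("dest_ip")}
        if (user_ip in ips and site_ip in ips
                and e.get("dest_port") in ports
                and e.get("action", "").lower() in DENY_ACTIONS):
            drops.append(e)
    return drops


def drops_by_hour(drops):
    """Equivalent of '| bin _time span=1h | stats count by _time dest_port rule':
    a Counter keyed by (hour bucket, dest_port, rule)."""
    counts = Counter()
    for e in drops:
        hour = e["_time"].strftime("%Y-%m-%d %H:00")
        counts[(hour, e["dest_port"], e.get("rule", "-"))] += 1
    return counts


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    drops = find_drops(events, "10.1.2.3", "203.0.113.10")
    for (hour, port, rule), n in sorted(drops_by_hour(drops).items()):
        print(f"{hour}  port {port:>3}  rule {rule:<12}  drops={n}")
```

The hourly histogram is the useful output: a rule name that appears only in the hours the customer complained about points at the policy to review, while drops spread evenly across the whole period suggest the firewall is not the cause and the same filter should be run against the IPS/IDS logs next.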