Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unique Port Count Per IP

ThisIsTom
New Member
‎06-11-2013 01:38 PM

I'm trying to find the number of unique ports accessed by IP's, by count. i.e. IP 8.8.8.8 connected to 5 unique ports. As of right now I am able to see the unique ports connected to by the IP address with the below command.

sourcetype="source_traffic" | stats values(src_port) by dst_ip

Is there a way to count those unique ports and display only that number? I have also tried:

sourcetype="source_traffic" dst_ip="x.x.x.x" | stats count values(src_port) by dst_ip

This one appears to the show a higher count than displayed port numbers.

TIA for any help!

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

theouhuios
Motivator
‎06-11-2013 01:46 PM

I guess you can do something like this

stats dc(src_port) by dst_ip

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

theouhuios
Motivator
‎06-11-2013 01:46 PM

I guess you can do something like this

stats dc(src_port) by dst_ip
0 Karma
Reply
Solved! Jump to solution

lbogle
Contributor
‎05-29-2014 11:15 AM

I'm actually looking for something similar however not to find the count of ports but a listing of the actual ports that IP is using. So like a top 10 src_ip and then the top 3 ports that each of the src_ip's is using. Does that make sense?

0 Karma
Reply
Solved! Jump to solution

ThisIsTom
New Member
‎06-11-2013 01:58 PM

Appreciate the quick response! It was on the money.

sourcetype="source_traffic" | stats dc(src_port) by dst_ip

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...