How to raise the alert for sourcetype=netstat

November 13, 2019, 3:20 am

≪ Previous: How can I connect my ionic app to splunk entrerise server?

Hi Splunker, How can i Write the splunk query to show the state of a port for local address? The result of netstat is for the whole ports on the particular server, and the results be like: Proto Recv-Q Send-Q LocalAddress ForeignAddress State tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN Now in this case, how shall i write the query if the State for port 111 changes from Listen to CLOSED_WAIT or Closed etc...?

↧