I am using the Splunk App for *nix to gather netstat data, and I am trying to find the number of connections to the port 44221. I am using this search string, but am unable to figure out how to get a count of the occurrences within each event since there are no obvious fields, it is just formatted like the netstat command from the terminal.
index=os sourcetype="netstat" host="hostname" 44221
The command successfully highlights each line with that port number, so I imagine there has to be a very simple way to get the count of matches within each event, but I haven't found it yet.
↧