https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187233#M37435 <P>You would be better off posting an example of specifically what does not work, rather than a non-specific "can't get to work".</P> Tue, 03 Jun 2014 22:33:41 GMT grijhwani 2014-06-03T22:33:41Z https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187232#M37434 <P>Hi Splunkers</P> <P>Using syslog output from Netfilter/Iptables. <BR /> Reading it into Splunk, but cant get IP resolved to DNS.</P> <UL> <LI><P>Tried several links available. <BR /> <A href="http://answers.splunk.com/answers/61853/resolve-ip-address">http://answers.splunk.com/answers/61853/resolve-ip-address</A><BR /> <A href="http://answers.splunk.com/answers/30075/dns-lookup-failing">http://answers.splunk.com/answers/30075/dns-lookup-failing</A><BR /> <A href="http://answers.splunk.com/answers/8051/dns-lookup-via-splunk">http://answers.splunk.com/answers/8051/dns-lookup-via-splunk</A></P></LI> <LI><P>Also tried Iptable and Lookup plugins </P></LI> </UL> <P>No luck: whats next ? <BR /> Would appreciate a fine Firewall dashboard, maybe there is a better solution around ?</P> Tue, 03 Jun 2014 17:36:02 GMT https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187232#M37434 wwillemsen1 2014-06-03T17:36:02Z https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187233#M37435 <P>You would be better off posting an example of specifically what does not work, rather than a non-specific "can't get to work".</P> Tue, 03 Jun 2014 22:33:41 GMT https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187233#M37435 grijhwani 2014-06-03T22:33:41Z https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187234#M37436 <P>Should not be complicated:<BR /> I get a list of IPnrs form the remote syslog, fine, but whatever I try, nameresolution fails.<BR /> It remains a list of IPnumber, I like to see names.</P> <P>Ihe links I mentioned deal with this issue, but no go here.<BR /> What else to try ?</P> <P>(Even beter: a dashboard for Netfilter/IpTables, with graphs and all, but the ones available dont work properly. Ill get to that later.)</P> Wed, 04 Jun 2014 15:27:09 GMT https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187234#M37436 wwillemsen1 2014-06-04T15:27:09Z https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187235#M37437 <P>Just post an <EM>EXAMPLE</EM> of what doesn't work. Stop keep describing it and <EM>SHOW</EM> us. And post it in your question, not as an answer, which it is not.</P> Wed, 04 Jun 2014 15:47:24 GMT https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187235#M37437 grijhwani 2014-06-04T15:47:24Z https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187236#M37438 <P>There, I fixed it. Case of RTFM, and proper field names. Also sorted the columns. Nice.</P> <P>host="192.168.x.x" | lookup dnslookup clientip as DST OUTPUT clienthost as DST_RESOLVED | lookup dnslookup clientip as SRC OUTPUT clienthost as SRC_RESOLVED | Table _time SRC SRC_RESOLVED DST DST_RESOLVED PROTO DPT</P> <HR /> <P>Digging in Netfilter-Iptables after this.</P> Mon, 28 Sep 2020 16:49:00 GMT https://community.splunk.com/t5/Getting-Data-In/dns-resolving-in-search-failed/m-p/187236#M37438 wwillemsen1 2020-09-28T16:49:00Z