https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45561#M8545 <P>Michael Wilde did a blog on reverse dns lookups. </P> <P>It is definitely worth a read.</P> <P><A href="http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/">http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/</A></P> Wed, 20 Jul 2011 13:00:55 GMT Jodge 2011-07-20T13:00:55Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45559#M8543 <P>Dear Splunkers,</P> <P>We recently have set up SPLUNK as a syslog to gather all the logs of our Cisco routers and switches. We just opened port 514 on splunk to start indexing everything.</P> <P>Logs are comming in, but all devices are shown by IP address.</P> <P>Now, my question is how to resolve these IP addresses too there hostname. It's not possible through DNS. </P> <P>But perhaps there is an other possibility that I don't know off.</P> <P>Any help or walktroughs are very welcome.</P> <P>Kind reagrds<BR /> A follower</P> Wed, 20 Jul 2011 11:51:47 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45559#M8543 pereest 2011-07-20T11:51:47Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45560#M8544 <P>You can create a lookup file or add a hosts file to your server and splunk will use either of these to get the hostname.</P> Wed, 20 Jul 2011 12:36:02 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45560#M8544 BobM 2011-07-20T12:36:02Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45561#M8545 <P>Michael Wilde did a blog on reverse dns lookups. </P> <P>It is definitely worth a read.</P> <P><A href="http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/">http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/</A></P> Wed, 20 Jul 2011 13:00:55 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45561#M8545 Jodge 2011-07-20T13:00:55Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45562#M8546 <P>Lookup files work, if you can not use reverse DNS</P> Wed, 20 Jul 2011 13:25:03 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45562#M8546 chris 2011-07-20T13:25:03Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45563#M8547 <P>Due to our environment, we do IPs. Most of the machines [that I care about] I translate the IP to a cluster name at report time, via lookup.<BR /> There are cases when I care about who is doing what, but most of the time I want to trend who, client clusters, is hitting our clusters.</P> Wed, 20 Jul 2011 15:27:49 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45563#M8547 fk319 2011-07-20T15:27:49Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45564#M8548 <P>I just thought I would post in here in regards to a question I have that is related. I have heard thay you can get cisco devices to syslog and include their hostname in the syslog message.<BR /> So far I have not found out if this is correct. Does anyone have any experience with that.</P> <P>I realise you can do a dnslookup, or do a lookup table, but thought if this was possible it might make more sense to apply that config change to our devices instead of splunk.</P> Tue, 02 Jul 2013 01:13:12 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45564#M8548 CeJay 2013-07-02T01:13:12Z https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45565#M8549 <P>This just worked fantastically (v6.5).</P> <P>Just be aware of what version he's referring to v.s. yours, some directories changed, but you'll get the idea...</P> Thu, 17 Nov 2016 16:20:37 GMT https://community.splunk.com/t5/Getting-Data-In/IP-address-vs-hostname/m-p/45565#M8549 Michael 2016-11-17T16:20:37Z