https://community.splunk.com/t5/Splunk-Search/Alert-based-on-domain-name-not-IP/m-p/59071#M14558 <P>We would like to setup an alert based upon domain name -- that is, our apache logs contain IP addresses of the GET request. Can an alert be set that matches on a domain name and if so, what transforms or other methods need to be implemented to do so.</P> <P>I'm guessing that if the apache logs would do dns lookups, they would then contain the domain name and that could work -- as long as I can trigger an alert based on domain names contained in the apache logs. </P> <P>Otherwise can splunk -- and would I even want splunk -- to do the domain lookups and then report accordingly?</P> <P>Thank you. </P> Thu, 24 May 2012 03:55:10 GMT bulgin 2012-05-24T03:55:10Z https://community.splunk.com/t5/Splunk-Search/Alert-based-on-domain-name-not-IP/m-p/59071#M14558 <P>We would like to setup an alert based upon domain name -- that is, our apache logs contain IP addresses of the GET request. Can an alert be set that matches on a domain name and if so, what transforms or other methods need to be implemented to do so.</P> <P>I'm guessing that if the apache logs would do dns lookups, they would then contain the domain name and that could work -- as long as I can trigger an alert based on domain names contained in the apache logs. </P> <P>Otherwise can splunk -- and would I even want splunk -- to do the domain lookups and then report accordingly?</P> <P>Thank you. </P> Thu, 24 May 2012 03:55:10 GMT https://community.splunk.com/t5/Splunk-Search/Alert-based-on-domain-name-not-IP/m-p/59071#M14558 bulgin 2012-05-24T03:55:10Z https://community.splunk.com/t5/Splunk-Search/Alert-based-on-domain-name-not-IP/m-p/59072#M14559 <P>This is something that you can have Splunk do via a look up which could be a .csv file or better yet a script in this case. See this for reference. You can set up the look up to be automatic or manual via search.</P> <P><A href="http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/">http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/</A></P> <P>Look ups in the docs: <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/lookup">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/lookup</A></P> <P>Example in the docs referencing hostname look up: <A href="http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsfromexternaldatasources">http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsfromexternaldatasources</A></P> Thu, 24 May 2012 12:44:56 GMT https://community.splunk.com/t5/Splunk-Search/Alert-based-on-domain-name-not-IP/m-p/59072#M14559 sdaniels 2012-05-24T12:44:56Z