When trying an ip without a domain, like for example: 173.xxx.xxx.129, I get: resolved_domain 173.xxx.xxx.129.
How can I set it to bring me another field instead when no domain is found?
The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.
Thanks for the question jairjr. As per my previous answer, I've now added a new feature to support ip whois queries. Please see https://splunkbase.splunk.com/app/3506/
Also, if you need autonomous system (ASN) information, be sure to check out my asngen app: https://splunkbase.splunk.com/app/3531/
Hi jairjr, could you please accept this answer?
The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.
Got it, thank you for the quick response.
As promised, I've implemented this new feature.
Thank you! Do you have idea why some IPs just bring me the field resolved_domain?
Do you get a response if you use the 'whois' command to query that IP from your local machine? The information presented in the app comes from https://centralops.net/co/domaindossier.aspx, so if that site doesn't return any results for an IP, you'll just get a 'resolved_domain' field in the app.