Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: CentralOps Whois Technology Add-On: How to cha...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When trying an ip without a domain, like for example: 173.xxx.xxx.129, I get: resolved_domain 173.xxx.xxx.129.
How can I set it to bring me another field instead when no domain is found?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the question jairjr. As per my previous answer, I've now added a new feature to support ip whois queries. Please see https://splunkbase.splunk.com/app/3506/
Also, if you need autonomous system (ASN) information, be sure to check out my asngen app: https://splunkbase.splunk.com/app/3531/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jairjr, could you please accept this answer?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got it, thank you for the quick response.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As promised, I've implemented this new feature.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you! Do you have idea why some IPs just bring me the field resolved_domain?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you get a response if you use the 'whois' command to query that IP from your local machine? The information presented in the app comes from https://centralops.net/co/domaindossier.aspx, so if that site doesn't return any results for an IP, you'll just get a 'resolved_domain' field in the app.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
