All Apps and Add-ons

CentralOps Whois Technology Add-On: How to change default output?

jairjr
Path Finder

When trying an ip without a domain, like for example: 173.xxx.xxx.129, I get: resolved_domain 173.xxx.xxx.129.

How can I set it to bring me another field instead when no domain is found?

0 Karma
1 Solution

doksu
SplunkTrust
SplunkTrust

The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.

View solution in original post

0 Karma

doksu
SplunkTrust
SplunkTrust

Thanks for the question jairjr. As per my previous answer, I've now added a new feature to support ip whois queries. Please see https://splunkbase.splunk.com/app/3506/

Also, if you need autonomous system (ASN) information, be sure to check out my asngen app: https://splunkbase.splunk.com/app/3531/

0 Karma

doksu
SplunkTrust
SplunkTrust

Hi jairjr, could you please accept this answer?

0 Karma

doksu
SplunkTrust
SplunkTrust

The app doesn't currently support IP lookups, however I've raised a feature request on your behalf (https://github.com/doksu/TA-centralops/issues/4), which I'll endeavour to have implemented next week. Once complete I'll post an update here.

0 Karma

jairjr
Path Finder

Got it, thank you for the quick response.

0 Karma

doksu
SplunkTrust
SplunkTrust

As promised, I've implemented this new feature.

0 Karma

jairjr
Path Finder

Thank you! Do you have idea why some IPs just bring me the field resolved_domain?

0 Karma

doksu
SplunkTrust
SplunkTrust

Do you get a response if you use the 'whois' command to query that IP from your local machine? The information presented in the app comes from https://centralops.net/co/domaindossier.aspx, so if that site doesn't return any results for an IP, you'll just get a 'resolved_domain' field in the app.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...