All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DNS lookup for IP address in Log Meesage

Ak_C
New Member
‎09-19-2013 09:21 PM

Hello 🙂

I need help in DNS resolution of the ip addresses in the logs:

*Oct 9 21:31:47.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.30.0.20 (Tunnel10) is up: new adjacency

I've this log configured as report which shows me top Ip addresses (tunnel - e.x. 172.30.0.20) bouncing. Problem with my report is:

When i use extraction field for "172.30.0.20" it only shows the Ip address I would like that to be changed in DNS name like we have hostnames.

0 Karma
Reply

MuS
Legend
‎09-19-2013 11:53 PM

Hi Ak_C

Check out the docs about the example on how to use DNS lookup for host IP.

Splunk ships with a script to handle this kind of external reverse DNS lookups .

hope this helps...

cheers, MuS

0 Karma
Reply

MuS
Legend
‎10-24-2014 08:28 AM

HeHe my bad....this truely an search time operation. I'll update the answer thx for the hint!

0 Karma
Reply

jmeyers_splunk
Splunk Employee
Splunk Employee
‎10-23-2014 08:25 AM

I'm pretty sure that this is a search time lookup operation. what makes you think that it is index time only?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...