
DNS lookup for IP address in Log Message

Ak_C
New Member

Hello 🙂

I need help with DNS resolution of the IP addresses in the logs:

*Oct 9 21:31:47.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.30.0.20 (Tunnel10) is up: new adjacency

I have this log configured as a report which shows me the top IP addresses (tunnel, e.g. 172.30.0.20) bouncing. The problem with my report is:

When I use a field extraction for "172.30.0.20" it only shows the IP address. I would like that to be changed to a DNS name, like we have hostnames.

0 Karma

MuS
SplunkTrust

Hi Ak_C

Check out the docs about the example on how to use DNS lookup for host IP.

Splunk ships with a script to handle this kind of external reverse DNS lookup.

Hope this helps...

cheers, MuS

0 Karma

MuS
SplunkTrust

Hehe, my bad... this is truly a search-time operation. I'll update the answer, thx for the hint!

0 Karma

jmeyers_splunk
Splunk Employee

I'm pretty sure that this is a search-time lookup operation. What makes you think that it is index-time only?

0 Karma
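
The search-time lookup discussed in this thread, as an added example that is not part of any post above: it extracts the neighbor address from the `%DUAL-5-NBRCHANGE` event, counts adjacency changes per neighbor, and only then calls Splunk's built-in `dnslookup` external lookup (fields `clientip` and `clienthost`) so each address is resolved once. The `<your_index>` and `<your_sourcetype>` placeholders and the field names `neighbor_ip`, `tunnel`, `state`, `changes` and `neighbor_host` are assumptions chosen for illustration.

```spl
index=<your_index> sourcetype=<your_sourcetype> "%DUAL-5-NBRCHANGE"
| rex "Neighbor (?<neighbor_ip>\d{1,3}(?:\.\d{1,3}){3}) \((?<tunnel>[^)]+)\) is (?<state>\w+)"
| stats count AS changes BY neighbor_ip tunnel
| lookup dnslookup clientip AS neighbor_ip OUTPUT clienthost AS neighbor_host
| eval neighbor_host=if(isnull(neighbor_host) OR neighbor_host=="", neighbor_ip, neighbor_host)
| sort - changes
| head 10
| table neighbor_host neighbor_ip tunnel changes
```

The reverse lookup is performed by the search head, so the result depends on the DNS resolver that host uses having PTR records for the tunnel addresses; where none exists, the `eval` falls back to showing the IP address.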