
Has anybody gotten the Splunk for DNS app to work with Infoblox?

0 Karma


Splunk recently developed a TA for Infoblox.

The TA is here:
(The TA includes some panels for DNS and one for DHCP.)

Documentation is here:


Infoblox has not created an integration between our products and Splunk for DNS, and we're not aware of anyone else having done this. Best regards. -- Mike Langberg, Infoblox


Hi Mike, thank you for the reply; I agree on the forwarding of DNS data possibly being a bit much for an appliance.

Assuming I just want to keep my data, in this case just DHCP data, on my Splunk indexer, wouldn't that work? Far less traffic than DNS + DHCP.

Wouldn't it be possible to forward just the DHCP logs to another syslog server? How would something like this look on the Infoblox gridmaster?

Thanks again.

0 Karma


Hi @nychawk

Please be sure that when responding to someone's answer, you click on "Add comment" directly below their answer or, if responding to someone's comment, type in the "Add your comment..." box directly below their comment. You typed your response in the "Enter your answer here..." box at the very bottom of the page which, instead, posts a brand new answer when it was really meant as a comment. This will help with a clean continuous flow of the conversation. I already converted your answer to a comment, so just something to keep in mind from here on out. Thanks and happy Splunking!


Infoblox does support SYSLOG. However, since this is a fairly heavyweight protocol, it does not scale well for logging of every single DNS query, which could mean multiple hundreds of thousands of messages per second.

Therefore, Infoblox came up with a new mechanism that scales better by using a highly optimized data collection mechanism in the Infoblox Reporting Forwarder. The forwarder sends that data to an Infoblox appliance, acting in an indexer role, that knows how to interpret the data and run predetermined reports.

The reporting solution can interact with the rest of the Infoblox Grid and access information found in DHCP to display in the DNS Firewall report, or access information found through network discovery in the Infoblox Network Insight appliance. You can also run searches on reporting data and export the results in CSV. And the reporting solution allows forwarding of DNS query/response data to an external destination using FTP/SCP, for example, to correlate the DNS query (or response) with other data for analytics.

Hope that helps.

-- Mike Langberg, Infoblox

0 Karma



Doesn't Infoblox just forward logs to a syslog/rlog server running on the gridmaster?

If this is indeed true, then how difficult would it be to simply resend to a Splunk instance?
If this is doable, and I believe it is, then wouldn't it be in Infoblox's best interest to support a Splunk app?

Finally, does your statement hold true for DHCP data as well?

Thank you in advance.

0 Karma