All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How run nslookup on lookup

NHLaurent
Explorer
‎11-26-2018 07:28 PM

I have a lookup of ip addresses, I want to use the nslookup command resolve the hostnames. Is there a way to run that against the dest field

| inputlookup "ipnl.csv"
| fields dest
| nslookup ????
| outputlookup "dns.csv"

Thanks

0 Karma
Reply

woodcock
Esteemed Legend
‎11-26-2018 08:41 PM

Ever since about splunk v5 it is built-in; just use it like this:

| inputlookup ipnl.csv
| fields dest 
| lookup dnslookup clientip AS dest OUTPUT clienthost AS desthost
| outputlookup dns.csv
Reply

LukeMurphey
Champion
‎11-26-2018 07:51 PM

You need to use the custom lookup command instead.

See https://lukemurphey.net/projects/network-tools/wiki/Using_Lookups for details.

You would need to do something like this:

| inputlookup "ipnl.csv" 
| fields dest 
| lookup nslookup host as dest
| table _raw aaaa a mx ns server
Reply

sharmaa5
Engager
‎07-01-2021 01:19 AM

Hi @LukeMurphey ,

 

I'm trying to configure DNS resolution for the but I'm a bit confused that how to use lookup defination dsnlookup and nslookup.

I'm not getting any values in aaaa, mx, ns and _raw while trying nslookup 

Can you help me out how can I configure this or what I'm doing wrong.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...