Trouble with OpenDNS lookup Table

Volto
Path Finder

Hello,

I am trying to use the lookup table created by OpenDNS addon to include data from the OpenDNS cloud.

The structure of the lookup table is:

dest, last_queried, max_malware_sample_threat_score, rr_history.domain, rr_history.status, rr_history.status_label, rr_history.ttl.

My lookup query is:

| lookup investigate_ips dest AS src_ip OUTPUT rr_history.status_label

but this errors out with "Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table."

I know that the addresses passed to the lookup table exist, and I don't get the error when I output rr_history. Has anyone gotten the lookup table to work?

byearwood_splun
Splunk Employee

Hi Volto,
- What version of opendns_investigate are you running, please?
- Is there a corresponding CSV file?
- Also, should the command not be |inputlookup, instead of |lookup?
