All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

URL Toolbox: What is the most efficient way to map URLs with IPs to meaningful names to graph on a time chart?

caradoc
New Member
‎06-10-2016 10:46 AM

Using URL Toolbox to parse out ut_domain for varying levels of analysis - I've come up with a couple of different ways to map ut_domain to some meaningful name instead of winding up with a timechart of eight IP addresses all graphed separately with a few additional entries (google.com, apple.com, etc.), but I'm at a loss as to the most efficient way to do it. Making individual DNS queries for each unqualified IP in ut_domain is not very efficient. Placing a table of "if this is the IP in ut_domain, use this string instead for ut_domain" seems to work, but I have to think there's a better way.

Thoughts?

0 Karma
Reply

janderson19
Path Finder
‎06-10-2016 03:14 PM

You could put those IPs and their names into a lookup table. I personally don't know much about lookups buy you could try it

http://docs.splunk.com/Documentation/Splunk/6.4.1/SearchReference/Lookup

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...