I am trying to display the FQDN instead of the IP address for the internal host in a syslog message. In the example below, I would like to resolve the 10.10.10.100 address to its FQDN and display that in Splunk, instead of the IP address.
Any assistance would be greatly appreciated.
Jul 31 01:46:08 [10.10.10.1] Jul 31 2012 01:46:08 EXT-FW : %ASA-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.10.10.100/54749 (100.100.100.100/57315) to outside:184.108.40.206/80 (220.127.116.11/80), destination 18.104.22.168 resolved from dynamic list: 22.214.171.124/255.255.255.255, threat-level: very-high, category: Malware
Check out the example in this doc:
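Added example (not part of the original thread or of the linked doc): the enrichment the question asks for, written as stand-alone Python that pulls the `inside:` address out of an ASA-4-338008 event, reverse-resolves it, and falls back to the IP when there is no PTR record. The function names, the `fqdn[ip]` output format and the injectable `resolver` argument are assumptions made for illustration.

```python
import re
import socket
from functools import lru_cache
from ipaddress import ip_address

# Constructed sample, shortened from the ASA-4-338008 event in the question.
SAMPLE = ("Jul 31 2012 01:46:08 EXT-FW : %ASA-4-338008: Dynamic Filter dropped "
          "blacklisted TCP traffic from inside:10.10.10.100/54749 "
          "(100.100.100.100/57315) to outside:184.108.40.206/80 "
          "(220.127.116.11/80), threat-level: very-high, category: Malware")

# Matches the real (pre-NAT) inside address and port: "inside:<ip>/<port>".
INSIDE_RE = re.compile(r"\binside:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<port>\d+)")


def ptr_lookup(ip):
    """Reverse-resolve ip with the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def make_enricher(resolver=ptr_lookup):
    """Return a function that swaps the inside IP for its FQDN in one event."""
    cached = lru_cache(maxsize=4096)(resolver)  # one DNS query per distinct IP

    def enrich(event):
        m = INSIDE_RE.search(event)
        if not m:
            return event
        ip = m.group("ip")
        try:
            if not ip_address(ip).is_private:   # only resolve internal hosts
                return event
        except ValueError:                      # malformed, e.g. 999.1.1.1
            return event
        fqdn = cached(ip)
        if not fqdn:
            return event                        # keep the IP when lookup fails
        # Keep the original IP beside the name so the event stays searchable.
        return event[:m.start("ip")] + f"{fqdn}[{ip}]" + event[m.end("ip"):]

    return enrich
```

A name resolved at search time reflects what DNS says now, not at the time of the event, so on DHCP-addressed networks the FQDN can belong to a different machine than the one that generated the traffic.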