Hi All,
We are getting data from an application server for all servers, and we are getting the IP address in the dest_ip field. Now we would like to exclude the Linux servers, and it would be difficult to use an IP address to filter the events. So we are looking for a way to perform DNS lookups and assign the hostname to a new field so that I can easily exclude it using a regex. Please let me know how to create a new field and assign the hostname to it.
Check this out, I believe you will be on your way 🙂
https://answers.splunk.com/answers/105246/dns-resolution-in-a-search.html
https://answers.splunk.com/answers/409036/how-to-a-dns-lookup-on-the-top-20-ip-results-retur.html
I believe the OP wants to do DNS lookups at index time, not search time.
Yeah, I'd like to perform the DNS lookup at index time.
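As an added example (not from this thread and not Splunk's own code) of the search-time route the linked answers cover: a Splunk external-lookup script that reverse-resolves dest_ip into a new dest_host field and then applies the exclusion regex to the resolved name, keeping rows whose IP has no PTR record instead of dropping them. The output field name dest_host, the sample IPs and the `lnx-` hostname convention are assumptions; the calling convention (field names as arguments, CSV rows on stdin, enriched CSV on stdout) is Splunk's external-lookup contract.

```python
"""Splunk-style external lookup: reverse-resolve dest_ip into dest_host.
Splunk runs an external lookup as `script.py <input_field> <output_field>`,
passing the rows to enrich as CSV on stdin and reading enriched CSV from stdout."""
import csv
import re
import socket
import sys

def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """PTR name for ip (lower-cased), or '' when resolution fails.
    A missing PTR record, a timeout or a malformed value must not abort the
    lookup: Splunk expects every row back, so the row is kept with an empty host."""
    try:
        return resolver(ip)[0].lower()
    except (OSError, IndexError, TypeError):  # socket.herror/gaierror are OSError
        return ""

def enrich_rows(rows, ip_field="dest_ip", host_field="dest_host",
                resolver=socket.gethostbyaddr):
    """Copy each row with host_field filled in; each distinct IP is resolved once."""
    cache, out = {}, []
    for row in rows:
        ip = (row.get(ip_field) or "").strip()
        if ip not in cache:
            cache[ip] = reverse_lookup(ip, resolver) if ip else ""
        out.append({**row, host_field: cache[ip]})
    return out

def exclude_hosts(rows, pattern, host_field="dest_host"):
    """Drop rows whose resolved name matches pattern (e.g. a Linux naming convention).
    Rows with no PTR record (empty host) are kept rather than silently vanishing."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [r for r in rows if not rx.search(r.get(host_field) or "")]

def main():
    # Splunk passes the input and output field names as the two arguments.
    ip_field, host_field = sys.argv[1], sys.argv[2]
    reader = csv.DictReader(sys.stdin)
    rows = enrich_rows(list(reader), ip_field, host_field)
    fields = list(reader.fieldnames or [])
    if host_field not in fields:
        fields.append(host_field)
    writer = csv.DictWriter(sys.stdout, fieldnames=fields)
    writer.writeheader()
    writer.writerows(rows)

if __name__ == "__main__":
    main()
```

Registered in transforms.conf with `external_cmd = <script name> dest_ip dest_host` and `fields_list = dest_ip, dest_host` (stanza name of your choosing), it is called from a search as `| lookup <stanza> dest_ip OUTPUT dest_host` before the regex exclusion.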