How to create a new field and assign the hostname ...

martinnepolean · ‎08-12-2019

Hi All,

We are getting data from an application server for all servers and we are getting the IP address in dest_ip field. Now we like to exclude the servers from Linux and it would be difficult to use an IP address to filter the event. So we are looking for a way to perform DNSlookups and assign the hostname in the new field so that I can easily exclude it using regex. Please let me know how to create a new field and assign the hostname into it.

Sukisen1981 · ‎08-12-2019

check this out, i believe ou will be on your way 🙂
https://answers.splunk.com/answers/105246/dns-resolution-in-a-search.html
https://answers.splunk.com/answers/409036/how-to-a-dns-lookup-on-the-top-20-ip-results-retur.html

richgalloway · ‎08-12-2019

I believe the OP wants to do DNS lookups at index time, not search time.

---
If this reply helps you, an upvote would be appreciated.

martinnepolean · ‎08-13-2019

Yeah, I like to perform dns lookup at index time

How to create a new field and assign the hostname field using IP address

Re: How to create a new field and assign the hostname field using IP address

Re: How to create a new field and assign the hostname field using IP address

Re: How to create a new field and assign the hostname field using IP address