Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

NSlookup on Network Tools App with Specified DNS Server?

khavildar
Explorer
‎04-19-2018 04:24 PM

I am trying to write an alert in Splunk which will tell us if the 2 DNS servers we have setup for a domain are working as intended. I want to use NSLookup and not Ping to verify the DNS servers are translating the IPs.
The Network Tools app has NSLookup command syntax as

| nslookup hostname

This command works but does not use the DNS servers I intend to test. I would like to see if we can have the command work in this manner:

| nslookup hostname Dns-Server

I looked in nslookup_Search_command.py file, and see it has
result=nslookup(host=self.host, server=self.server, index=index, logger=self.logger)

I am wondering if the Server is meant to be the DNS server in the above line and if its worked for anyone.

Thoughts??

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

khavildar
Explorer
‎04-30-2018 08:19 AM

I reached out to the author of the app and he was gracious to make the changes. The updated version of the app now supports the above requirement.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

khavildar
Explorer
‎04-30-2018 08:19 AM

I reached out to the author of the app and he was gracious to make the changes. The updated version of the app now supports the above requirement.

0 Karma
Reply
Solved! Jump to solution

pgadhari
Builder
‎08-03-2019 10:52 PM

@khavildar - I also want to use the same scenario. Actually, I want to check from specific DNS servers, whether they are resolving or not and index those events and show the status of nslookup from those specific dns servers for internal and external domains on the dashboard. Is it possible using Network tools app ? Can you guide on how you did that ? I have installed the app on my heavyforwarder ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...