Getting Data In

Retrieve Windows DNS Logs - best practices ?

GaetanVP
Contributor

Hello Splunkers,

Whats is "the best practice" to ingest DNS logs inside a distributed Splunk environment.  I hesitate between two possibilities (maybe there are others) :

- Install a UF on my DNS servers and simply monitor the path where my DNS logs are located and then forward the logs to my Splunk env.

-  Or use the Stream App, which seems a little bit more complicated : https://docs.splunk.com/Documentation/StreamApp/8.1.1/DeployStreamApp/AboutSplunkStream

Let me know what you used / think about that,

Thanks a lot !

GaetanVP

 

Labels (2)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

This also depends on your DNS system and query volumes. If you have some real dns server/appliances or just Windows DC node wit DNS enable. 

View solution in original post

jotne
Builder

We do UF on all our servers.  To not make to more complicated we use the UF to monitor the DNS log files. 

isoutamo
SplunkTrust
SplunkTrust

This also depends on your DNS system and query volumes. If you have some real dns server/appliances or just Windows DC node wit DNS enable. 

GaetanVP
Contributor

In case of Windows DC node with DNS enable you would go for classic UF installation and monitoring ?

Thanks 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Yes it should work like this.

Personally I try to avoid windows dc dns, but that’s another story.

Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...