Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

dns resolving in search failed

wwillemsen1
Engager
‎06-03-2014 10:36 AM

Hi Splunkers

Using syslog output from Netfilter/Iptables.
Reading it into Splunk, but cant get IP resolved to DNS.

No luck: whats next ?
Would appreciate a fine Firewall dashboard, maybe there is a better solution around ?

Tags (2)
0 Karma
Reply

wwillemsen1
Engager
‎06-04-2014 08:27 AM

Should not be complicated:
I get a list of IPnrs form the remote syslog, fine, but whatever I try, nameresolution fails.
It remains a list of IPnumber, I like to see names.

Ihe links I mentioned deal with this issue, but no go here.
What else to try ?

(Even beter: a dashboard for Netfilter/IpTables, with graphs and all, but the ones available dont work properly. Ill get to that later.)

0 Karma
Reply

wwillemsen1
Engager
‎06-08-2014 01:32 PM

There, I fixed it. Case of RTFM, and proper field names. Also sorted the columns. Nice.

host="192.168.x.x" | lookup dnslookup clientip as DST OUTPUT clienthost as DST_RESOLVED | lookup dnslookup clientip as SRC OUTPUT clienthost as SRC_RESOLVED | Table _time SRC SRC_RESOLVED DST DST_RESOLVED PROTO DPT

Digging in Netfilter-Iptables after this.

0 Karma
Reply

grijhwani
Motivator
‎06-04-2014 08:47 AM

Just post an EXAMPLE of what doesn't work. Stop keep describing it and SHOW us. And post it in your question, not as an answer, which it is not.

Reply

grijhwani
Motivator
‎06-03-2014 03:33 PM

You would be better off posting an example of specifically what does not work, rather than a non-specific "can't get to work".

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...