dns resolving in search failed

wwillemsen1 · ‎06-03-2014

Hi Splunkers

Using syslog output from Netfilter/Iptables.
Reading it into Splunk, but cant get IP resolved to DNS.

Tried several links available.
http://answers.splunk.com/answers/61853/resolve-ip-address
http://answers.splunk.com/answers/30075/dns-lookup-failing
http://answers.splunk.com/answers/8051/dns-lookup-via-splunk
Also tried Iptable and Lookup plugins

No luck: whats next ?
Would appreciate a fine Firewall dashboard, maybe there is a better solution around ?

wwillemsen1 · ‎06-04-2014

Should not be complicated:
I get a list of IPnrs form the remote syslog, fine, but whatever I try, nameresolution fails.
It remains a list of IPnumber, I like to see names.

Ihe links I mentioned deal with this issue, but no go here.
What else to try ?

(Even beter: a dashboard for Netfilter/IpTables, with graphs and all, but the ones available dont work properly. Ill get to that later.)

wwillemsen1 · ‎06-08-2014

There, I fixed it. Case of RTFM, and proper field names. Also sorted the columns. Nice.

host="192.168.x.x" | lookup dnslookup clientip as DST OUTPUT clienthost as DST_RESOLVED | lookup dnslookup clientip as SRC OUTPUT clienthost as SRC_RESOLVED | Table _time SRC SRC_RESOLVED DST DST_RESOLVED PROTO DPT

Digging in Netfilter-Iptables after this.

grijhwani · ‎06-04-2014

Just post an EXAMPLE of what doesn't work. Stop keep describing it and SHOW us. And post it in your question, not as an answer, which it is not.

grijhwani · ‎06-03-2014

You would be better off posting an example of specifically what does not work, rather than a non-specific "can't get to work".

dns resolving in search failed

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)