Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create an NSLookup script that allows you to right-click an IP to get the name and address information?

packet_hunter
Contributor
‎12-20-2016 02:55 PM

Any one have any luck creating an NSlookup script that allows you to right-click an IP and get the Name/Address Info?

I am thinking about using a Python script.

Any pointers, don't want to reinvent the wheel...

Thank you

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gesman_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 05:50 PM

Simpler and pure Simple XML solution would be to add a drilldown capability on IP field.
Alternatively (what I did) - create a another field right next to IP, name it "Whois" and make click on this field to open new browser tab to execute "whois" on IP.

Such as:

  ...
  <row>
    <panel>
      <table>
        <title>Investigation Results</title>
        <searchPostProcess base="root_search">
          ...
        </searchPostProcess>
        <drilldown target="_blank">
          <link field="Whois">
            <![CDATA[ http://who.is/whois-ip/ip-address/$row.src_ip$ ]]>
          </link>
        </drilldown>
        <option name="rowNumbers">false</option>
        <option name="drilldown">cell</option>
        <option name="count">15</option>
      </table>
    </panel>
  </row>    ...

In above case - clicking on "Whois" field will open new browser tab where value of "src_ip" field will be taken and sent as a parameter to "who.is" service. Feel free to replace this with another service of your choice.

View solution in original post

Reply
Solved! Jump to solution
Solution

gesman_splunk
Splunk Employee
Splunk Employee
‎12-20-2016 05:50 PM

Simpler and pure Simple XML solution would be to add a drilldown capability on IP field.
Alternatively (what I did) - create a another field right next to IP, name it "Whois" and make click on this field to open new browser tab to execute "whois" on IP.

Such as:

  ...
  <row>
    <panel>
      <table>
        <title>Investigation Results</title>
        <searchPostProcess base="root_search">
          ...
        </searchPostProcess>
        <drilldown target="_blank">
          <link field="Whois">
            <![CDATA[ http://who.is/whois-ip/ip-address/$row.src_ip$ ]]>
          </link>
        </drilldown>
        <option name="rowNumbers">false</option>
        <option name="drilldown">cell</option>
        <option name="count">15</option>
      </table>
    </panel>
  </row>    ...

In above case - clicking on "Whois" field will open new browser tab where value of "src_ip" field will be taken and sent as a parameter to "who.is" service. Feel free to replace this with another service of your choice.

Reply
Solved! Jump to solution

packet_hunter
Contributor
‎12-22-2016 09:41 AM

Thank you very much I will give it a shot and let you know how it goes.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...