Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Monitor Multiple DNS requests which are not resolved by DNS server from a particular source using SPL

dhananjay
Loves-to-Learn Lots
‎04-04-2023 05:42 AM

Conditons to create query:

1) Query should not contain any eventcode

2) Query must be build from DNS data model

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-04-2023 05:47 AM

This is a bit vague - what events do you have (please share some examples)? how often do you want to check? over what time period? which source are you interested in? are you looking for differences in resolutions or just the number of requests resolved?

0 Karma
Reply

dhananjay
Loves-to-Learn Lots
‎04-04-2023 05:51 AM

I have corrected my previous question so please check it.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-04-2023 05:57 AM

Thanks - hopefully someone will know what the DNS Data Model looks like and what events are available from it, but it is beyond my ken.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top