Splunk Enterprise Security

Splunk App for Enterprise Security: Network Resolution (DNS) datamodel not populating

DmitryTchersak
New Member

The DNS datamodel is not populating because, out of the box, neither ES nor the Windows Infrastructure app has the tag constraints defined. The datamodel is looking for the following three tags: "tag=network tag=dns tag=resolution". For Windows debug DNS requests, these tags are not defined anywhere.

Is there another app that is required to create these tags? Or are there eventtypes that exist that can be mapped, for example, to the resolution tag?

0 Karma

mreynov_splunk
Splunk Employee

The DNS data model is actually used in many add-ons.
For the Windows add-on, this is currently a known issue and under active development.

0 Karma

aholzel
Communicator

As far as I have figured it out, the DNS datamodel is only for DNS data provided via the Splunk Stream app.

0 Karma
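
Added example, not part of any post in this thread and not Splunk's own code: a Python check that reads tags.conf content and reports which stanzas carry all three tags named in the question and which fall short. The sample tags.conf and its eventtype names are constructed; it assumes the input is the merged tags.conf text, such as the output of `splunk btool tags list`.

```python
import configparser

# Tag constraint quoted in the question: tag=network tag=dns tag=resolution
REQUIRED = {"network", "dns", "resolution"}

# Constructed sample of merged tags.conf content (eventtype names are hypothetical).
SAMPLE_TAGS_CONF = """
[eventtype=example_windows_dns_debug]
network = enabled
dns = enabled
resolution = enabled

[eventtype=example_dns_partial]
network = enabled
dns = enabled
resolution = disabled

[eventtype=example_firewall]
network = enabled
communicate = enabled
"""

def enabled_tags(tags_conf_text):
    """Map each tags.conf stanza to the set of tags enabled on it."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep tag names exactly as written
    parser.read_string(tags_conf_text)
    return {
        stanza: {t for t, v in parser.items(stanza) if v.strip().lower() == "enabled"}
        for stanza in parser.sections()
    }

def check_constraint(tags_conf_text, required=REQUIRED):
    """Return (satisfying, partial): stanzas with every required tag, and
    stanzas with some but not all of them, mapped to the tags they lack."""
    satisfying, partial = [], {}
    for stanza, tags in enabled_tags(tags_conf_text).items():
        missing = required - tags
        if not missing:
            satisfying.append(stanza)
        elif missing != required:
            partial[stanza] = sorted(missing)
    return sorted(satisfying), partial

if __name__ == "__main__":
    ok, partial = check_constraint(SAMPLE_TAGS_CONF)
    print("satisfy constraint:", ok)
    print("partially tagged:", partial)
```

An empty first list means no eventtype can feed the datamodel, which matches the symptom described in the question.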