Splunk App for Enterprise Security: Network Resolution (DNS) datamodel not populating
DmitryTchersak
New Member
09-02-2015
11:40 AM
The DNS datamodel is not populating because, out of the box, neither ES nor the Windows Infrastructure app has the tag constraints defined. The datamodel is looking for the following three tags: "tag=network tag=dns tag=resolution". For Windows debug DNS requests, these tags are not defined anywhere.
Is there another app that is required to create these tags? Or are there eventtypes that exist that can be mapped, for example, to the resolution tag?
mreynov_splunk

Splunk Employee
09-08-2015
07:22 PM
The DNS data model is actually used in many add-ons.
For the Windows add-on this is currently a known issue and under active development.
aholzel
Communicator
09-07-2015
05:12 AM
As far as I have figured out, the DNS datamodel is only for DNS data provided via the Splunk Stream app.
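An added example, not part of the thread and not Splunk's own code: a small audit that reads `tags.conf` content and reports which stanzas enable all three tags the datamodel constrains on (network, dns, resolution). The sample conf text is constructed and the eventtype names in it are hypothetical.

```python
import configparser

# The three tags the question says the DNS datamodel searches for (all must match).
REQUIRED_TAGS = {"network", "dns", "resolution"}

# Constructed sample tags.conf content; eventtype names are hypothetical.
SAMPLE_TAGS_CONF = """
[eventtype=example_windows_dns_debug]
network = enabled
dns = enabled

[eventtype=example_stream_dns]
network = enabled
dns = enabled
resolution = enabled

[eventtype=example_disabled_dns]
network = enabled
dns = enabled
resolution = disabled
"""


def audit_tags(conf_text, required=REQUIRED_TAGS):
    """Map each stanza to the required tags it is missing or has not enabled."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    report = {}
    for stanza in parser.sections():
        enabled = {
            tag for tag, state in parser.items(stanza)
            if state.strip().lower() == "enabled"
        }
        report[stanza] = sorted(required - enabled)
    return report


def matching_stanzas(conf_text):
    """Stanzas whose events would satisfy tag=network tag=dns tag=resolution."""
    return [s for s, missing in audit_tags(conf_text).items() if not missing]


if __name__ == "__main__":
    for stanza, missing in audit_tags(SAMPLE_TAGS_CONF).items():
        status = "OK" if not missing else "missing: " + ", ".join(missing)
        print(f"{stanza}: {status}")
```

A stanza that sets only two of the three tags, or sets one to `disabled`, leaves its events outside the datamodel constraint, which is the symptom described in the question.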
