Solved: Can both hostname and source IP be searchable?

yumology · ‎04-22-2011

Right now we have a lot of devices reporting syslogs into splunk. I'd really like to be able to search them by hostname or IP address. Is there a way to get both the IP address and the DNS lookup of the device into Splunk for the same syslog message?

For instance if I have a device located at 172.16.57.1 and it's in DNS as YUM-CA-FW, then it would be nice to search for this device either way:
host_ip="172.16.57.1"
or
host_name="YUM-CA-FW"

Is this possible?

If it is, can I take it a step further and have both a host_realIP and host_natIP?

IgorB · ‎04-23-2011

You can easily do it by using lookups.

View solution in original post

Horor · ‎08-27-2012

Hi,
you can Get both Ip-Address and Host using the site Ip-Details.com .They are accurate and Reliable.I usually do Ip-Search in this site.So I Prefer you to this site.It will be more Useful to you....

IgorB · ‎04-23-2011

You can easily do it by using lookups.

Can both hostname and source IP be searchable?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

Can both hostname and source IP be searchable?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers