Re: Convert IP address into hostname

sympatiko · ‎07-02-2015

Hi,

Is there a way on search query to resolve any IP result into hostname?

Thanks

martin_mueller · ‎07-03-2015

No app needed, Splunk comes with a DNS lookup out of the box:

some search returning a field called ip | lookup dnslookup clientip as ip OUTPUT clienthost as your_shiny_host_field

woodcock · ‎07-02-2015

You need the dnslookup app:

https://splunkbase.splunk.com/app/1535/

sympatiko · ‎07-03-2015

Hi Im getting an "Unknown search command 'dnslookup'

woodcock · ‎07-03-2015

Did you install the app on your Search Head? That is all I did and it worked great. It isn't my app so I would read through the app documentation and make sure that you have all prerequisites and see if there are any notes that will help you.

Convert IP address into hostname

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation