Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

DNS Names in Events

FraserC1
Path Finder
‎03-13-2018 06:39 AM

Hi there,

We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addresses in the events.

So what I want is when I search for a host or search against an ACL rule, is that it (if it can resolve the hostname) will show the hostname instead of the IP address.
I'm wondering if anyone has managed to get this working at all?

Cheers.

0 Karma
Reply

deepashri_123
Motivator
‎03-14-2018 12:55 AM

Do you have a list of ip addresses and their hostnames?
If yes then you can add this list as lookup and automate the lookup to get the hostnames at search time
Reference:
http://docs.splunk.com/Documentation/Splunk/7.0.2/Knowledge/DefineanautomaticlookupinSplunkWeb

Let me know if this helps!!

0 Karma
Reply

FraserC1
Path Finder
‎03-14-2018 01:50 AM

Hi, thanks for your response!
This looks interesting I will give it a shot.
So there is no way for it query the DNS server instead of using a csv file?

0 Karma
Reply

Sukisen1981
Champion
‎03-13-2018 08:46 AM

any sample data of what you want AND how your logs look like?

0 Karma
Reply

FraserC1
Path Finder
‎03-13-2018 08:56 AM

Below is what I currently see (edited out ip addresses).

Link: alt text

What I would like to see is hostnames instead of IP addresses.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...