Hello,
Has anyone implemented whois lookups in Splunk - and if so, how did you do it?
I tried the whois add-on @ http://apps.splunk.com/app/321/ but didn't have any luck with it.
Thanks!
Update 5/16: (bump)
Try this new app with free Whois: https://splunkbase.splunk.com/app/3506/
One way would be to create a workflow action for the field with the IP you want to look up, and then pass that value to the whois.net URL.
I'll try that! Thanks
This is for external IPs indexed from perimeter devices (firewall, IPS, etc.).
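The workflow action suggested in the answer above, sketched as a `workflow_actions.conf` stanza. This is an added example, not part of the original thread. The stanza name, the `src_ip` field name and the app directory are assumptions, and the whois.net path is a placeholder because the thread does not give one.

```ini
# $SPLUNK_HOME/etc/apps/<your_app>/local/workflow_actions.conf
[whois_lookup]
type = link
label = Whois: $src_ip$
# Show the action only on events that carry this field
# (src_ip is an assumed field name; use the one your firewall/IPS data extracts).
fields = src_ip
display_location = both
link.method = get
# Open the lookup in a new browser tab instead of replacing the search view.
link.target = blank
# $src_ip$ is URL-encoded by Splunk before substitution. The $!src_ip$ form
# disables that encoding and is deliberately not used, since the value comes
# from indexed log data.
# LOOKUP_PATH_PLACEHOLDER is a placeholder: substitute the lookup path that
# whois.net actually serves.
link.uri = https://whois.net/LOOKUP_PATH_PLACEHOLDER/$src_ip$
```

The action appears in the field and event menus for any event with a `src_ip` value. Each click sends that IP to the external site from the analyst's browser, not from the Splunk server.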