Splunk Search

Has anyone implemented whois lookups?

Builder

Hello,

Has anyone implemented whois lookups in Splunk - and if so, how did you do it?

I tried the whois add-on @ http://apps.splunk.com/app/321/ but didn't have any luck with it.

Thanks!

Update 5/16: (bump)

0 Karma
1 Solution

Path Finder

One way would be to create a workflow action for the field with the IP you want to look up, and then pass that value to the whois.net URL.

http://docs.splunk.com/Documentation/Splunk/5.0.2/Knowledge/Aboutlookupsandfieldactions#Workflow_act...


SplunkTrust

Try this new app with free Whois: https://splunkbase.splunk.com/app/3506/

0 Karma

Builder

I'll try that! Thanks

0 Karma

Builder

This is for external IPs indexed from perimeter devices (firewall, IPS, etc.).

0 Karma
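
The workflow action suggested in the accepted solution could look like the stanza below. This is an added example, not configuration posted by anyone in the thread. The stanza name, the `src_ip` field name, the app path and the lookup URL are assumptions; replace the placeholder URL with the whois service's actual lookup address.

```ini
# Assumed location: $SPLUNK_HOME/etc/apps/<your_app>/local/workflow_actions.conf

# Stanza name is hypothetical; any unique name works.
[whois_src_ip]
# "link" opens a URL built from the event's field value.
type = link
# Text shown in the event/field action menu.
label = Whois lookup: $src_ip$
# Only offer the action on events that carry this field
# (assumed name; use the field your firewall/IPS data extracts).
fields = src_ip
# Show the action in both the event menu and the field menu.
display_location = both
link.method = get
# Open the lookup in a new browser window.
link.target = blank
# Placeholder URL, not a real service endpoint.
# $src_ip$ is URL-encoded by Splunk before substitution. Keep that default
# (do not use the unescaped $!src_ip$ form), because the value comes from
# perimeter logs and is therefore influenced by external hosts.
link.uri = https://whois.example.invalid/lookup?ip=$src_ip$
```

Because the action is a plain link, the lookup request is sent from the analyst's browser to the external service, not from the Splunk server.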