Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Searching results after dnslookup

adamschmitz
Path Finder
‎02-04-2016 07:24 AM

I'm trying to figure out a way to search/report on syslog data by machine name when the original input is IP only.

Example:
Feb 4 08:41:11 10.5.3.62 2016- 2- 4 14:41:14 event XYZ happened on ip 10.5.12.231.

I do a dnslookup to convert the IP to the name. Since our naming convention tells me what OS the computer has I want to be able to search on the machine name to filter by OS type. This way I can see event XYZ happened on these 14 Macs or these 5 Windows machines and create dashboards based on that information.

I tried subsearches but that didn't seem to get me anywhere.

Thanks.

Tags (2)
0 Karma
Reply

javiergn
Super Champion
‎02-04-2016 10:35 AM

Hi,

I can think of two options at least:

1. External lookup
Perform a DNS lookup via script. See this.

PROS: quick and easy to configure
CONS: slow

2. DB or CSV lookup
Write a script to dump all your internal DNS records into a CSV file or SQL database
Then configure a file or database lookup.
Keep in mind CSV is natively supported whereas DB is not and you need an app.

PROS: good performance
CONS: requires some maintenance and might not be fully real-time

Hope that helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...