Solved: Re: Some hosts come in as IP some as hostname easy...

Pierceyuk · ‎12-18-2013

Hey, So we have a few hundred hosts coming in, some come in as dns hostname, some come in as IP address.

What is the best practice for dealing with this? Make everything IP or hostname?

Is it possible to add an IP and hostname to all these records via some lookup? Or should I 'decide' on either hostnames or IP addresses and try to get everything set the same?

Thanks,
Pierce

somesoni2 · ‎12-18-2013

Best approach will be have your forwarder configured to send in one format. If its not easy, then you can use dns lookup feature in splunk to convert all to one type, either hostname or IP, up to you. For reference see this: http://answers.splunk.com/answers/8051/dns-lookup-via-splunk

View solution in original post

somesoni2 · ‎12-18-2013

Best approach will be have your forwarder configured to send in one format. If its not easy, then you can use dns lookup feature in splunk to convert all to one type, either hostname or IP, up to you. For reference see this: http://answers.splunk.com/answers/8051/dns-lookup-via-splunk

Some hosts come in as IP some as hostname easy way to make searching easier?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services