I am trying to do a reverse dns resolution (obtain the domain name with the IP address).
I am using the external_lookup.py script that is able to do dns resolutions in both ways. I need to resolve the dns dynamicaly that's why I need an external script.

First, I don't think I understand what you are trying to do.

If you want to have Splunk look up IP addresses in a fixed file, you don't need external_lookup.py

A file-based lookup is much easier than what you are doing. There is documentation for creating a file-based lookup at Setup a fields lookup based on a static file . The documentation shows how to edit props.conf and transforms.conf

But you can do this very easily from the Manager UI:

1. Build a CSV file on your desktop that contains the data you need. The first row MUST be a header; the column names will be the field names in your lookup.
2. Go to Manager » Lookups in the Splunk UI
3. Add a new Lookup Table File. This is where you will upload the CSV file from your desktop into Splunk.
4. Add a new Lookup Definition. This is where you tell Splunk that you want to do a file-based lookup, using your Lookup Table file from the previous step.
5. Add a new Automatic Lookup. Here you tell Splunk how to use your Lookup Definition automatically, and tell it which fields to retrieve, etc.
6. Be sure to set permissions on each of the items: the table, the definition, and the automatic lookup - if you want them to be used by others.

Once you create the lookup in the UI, you can see what it does in props.conf and transforms.conf - but no need to create them yourself.