These 2 add-ons provide 2 different ways to perform a whois. The included whois library is open source with MIT license from: https://github.com/DannyCork/python-whois. The user is free to use this as is or can subsitute their own whois library within the code. Both parts of this add-on are used in the context of a Splunk app. A requirement is that your data contains external IP addresses that can be used for workflow actions and/or look up commands. First extract your IP addresses from your index data. See the Splunk Docs on how to extract a field. For example, I have used ip as the name of my field. This is then used as input to the look up and the work flow actions. READ the include README.txt for installation.