Home
Join the Community
Welcome Center
Welcome Center
Join Slack
Be a Splunk Champion
SplunkTrust
Splunk MVP
Become a User Group Leader
Splunk Love
Share a Tip
Find Answers
Splunk Administration
Getting Data In
Deployment Architecture
Monitoring Splunk
Using Splunk
Splunk Search
Dashboards & Visualizations
Splunk Products
Splunk Enterprise
Splunk Enterprise Security
Splunk Cloud Platform
Splunk Observability Cloud
Splunk AppDynamics
Splunk SOAR
Apps & Add-ons
All Apps and Add-ons
Splunk Development
Events
User Groups
Tech Talks: Technical Deep Dives
Office Hours: Ask the Experts
From Data to Insight: The Splunk Dashboard Contest
Dashboard Contest Terms and Conditions
Blogs
Community Blog
Product News & Announcements
Training & Certification Blog
Learning
Learning Paths
Training & Certification
Training + Certification Discussions
AppDynamics Knowledge Base
Best of conf
Resources
.conf25
Splunkbase
Developers
Documentation
Splunk Ideas
Splunk Events
Voice of Customer
Sign In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Show
only
|
Search instead for
Did you mean:
DNS Base64 Decoder
Splunk Community
×
Join the Conversation
Without signing in, you're just watching from the sidelines.
Sign in or Register
to connect, share, and be part of the Splunk Community.
Ask a Question
DNS Base64 Decoder
Options
Subscribe
DNS Base64 Decoder
DNS Base64 Decoder
# DNS Decoder — Splunk Custom Search Command Decodes Base64-encoded DNS wire-format messages in SPL. ## Test It ```spl | makeresults | eval dns_answer='6RmBgAABAAIAAQAAEmRpcmVjdG9yeS1zZWFyY2gtYQR3YngyA2NvbQAAQQABwAwABQABAAAAPAAQDXByb2QtYWNobS1jaTHAH8A5AAUAAQAAADwAQBh3eHQtY2ktaW5ncmVzc2dhdGV3YXktZHMTd3h0Y2ktcHJvZC1hY2htLWNpMQRwcm9kBWluZnJhBXdlYmV4wCTAggAGAAEAAABeAEUGbnMtODg4CWF3c2Rucy00NwNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAkAAAAAQAAHCAAAAOEABJ1AAABUYA=' | dnsdecode field=dns_answer | table dns_query_name dns_query_type dns_rcode dns_answer_count dns_answers ``` ## Usage in SPL ```spl index=dns sourcetype=your_dns_logs | dnsdecode field=dns_answer | table _time dns_query_name dns_query_type dns_rcode dns_answer_count dns_answers ```
Ask a Question
View in Splunkbase
0
topics and
0
replies mentioned DNS Base64 Decoder in
Splunk Community
Latest Topics
No posts to display.
Latest Replies
No posts to display.
Top Topics
No posts to display.
My Topics
No posts to display.
