I'm trying to do a reverse DNS lookup in Splunk and I'm also having some issues. I have the following in my props.conf file...
[access_combined]
LOOKUP-rdns = dnsLookup ip AS clientip OUTPUTNEW host AS hostname
I think the problem may be that the field that I'm trying to do the reverse lookup on isn't called ip or clientip, it's called client_ip. My transforms.conf looks like this:
[dnsLookup]
external_cmd = external_lookup.py host ip
fields_list = host, ip
Just looking for some direction here. I've been unable to get a reverse lookup to work so far. Thanks
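An added example, not part of the original post and not Splunk's own external_lookup.py: a small Python model of the CSV exchange an external lookup script performs for the `fields_list = host, ip` shown above, to make visible which column has to arrive populated. The function names, the injectable resolver and the sample addresses are assumptions made for illustration.

```python
import csv
import io
import socket
import sys

def reverse_dns(ip):
    """Return the PTR name for ip, or '' when none can be resolved."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (OSError, UnicodeError):
        return ""

def run_lookup(infile, outfile, host_field="host", ip_field="ip", resolver=reverse_dns):
    """Read CSV rows with host/ip columns and fill host wherever only ip is set."""
    reader = csv.DictReader(infile)
    writer = csv.DictWriter(outfile, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        if row.get(ip_field) and not row.get(host_field):
            row[host_field] = resolver(row[ip_field])
        writer.writerow(row)

# Constructed PTR table (documentation address ranges) so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": "web01.example.com", "198.51.100.7": "vpn.example.net"}

def demo(csv_text):
    """Run the lookup over csv_text with the constructed PTR table; return the CSV output."""
    out = io.StringIO()
    run_lookup(io.StringIO(csv_text), out, resolver=lambda ip: SAMPLE_PTR.get(ip, ""))
    return out.getvalue()

# Constructed input: the ip column is filled from the event field named after "AS"
# in props.conf. With the field from the post that mapping would read
#   LOOKUP-rdns = dnsLookup ip AS client_ip OUTPUTNEW host AS hostname
MAPPED = "host,ip\n,192.0.2.10\n,198.51.100.7\n,203.0.113.5\n"
# Constructed input: a row whose ip value is empty, so there is nothing to resolve.
EMPTY_IP = "host,ip\n,\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Invoked like "external_cmd = <script> host ip": field names arrive as arguments.
        run_lookup(sys.stdin, sys.stdout, host_field=sys.argv[1], ip_field=sys.argv[2])
    else:
        print(demo(MAPPED))
        print(demo(EMPTY_IP))
```

The script only ever sees the lookup-side names `host` and `ip`; the event-side name (`client_ip` here) appears only in the props.conf mapping.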