I installed Splunk 4.2.3 and I want to monitor statistics of BIND 9.7.2 (DNS) queries through it. I used the Splunk for BIND application and installed it in the Splunk panel, but in the dashboard I can't see any graph and Splunk shows me this (in the "more info" link):
search sourcetype=named eventtype=named_event host="" named_query_type="" | timechart count by host usenull="f" useother="f"
It seems that Splunk can't find the BIND log files and events.
I made a props.conf file and put it in /opt/splunk/etc/apps/named/local. Its content is:
[named]
pulldown_type = true
maxDist = 3
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 32
TRANSFORMS = syslog-host
REPORT-syslog = syslog-extractions
SHOULD_LINEMERGE = False
[source::/var/named/data/named.log]
sourcetype=named
What is the problem in drawing DNS graphs?
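A props.conf stanza like the one above only assigns a sourcetype to events Splunk is already reading; it does not by itself make Splunk tail the file. As an added example (not from the original post or the Splunk for BIND app), this is the inputs.conf monitor stanza that would sit beside props.conf in /opt/splunk/etc/apps/named/local; the index name is an assumption:

```ini
# inputs.conf (added example, not part of the original post or the Splunk for BIND app)
# Place beside props.conf in /opt/splunk/etc/apps/named/local and restart Splunk.
# props.conf only classifies events that are already being indexed; this
# stanza is what makes Splunk read the BIND log file at all.
[monitor:///var/named/data/named.log]
# Same sourcetype the app's eventtypes and the [source::...] props stanza expect.
sourcetype = named
# Assumption: events go to the default index; change it if the app's searches use another.
index = main
disabled = 0
```

After the restart, `splunk list monitor` should list the file, and the file must be readable by the user account Splunk runs as, otherwise nothing is indexed even with the stanza in place.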