Install the Splunk app - Splunk Add-on for Microsoft Windows DNS
Add below configuration in props.conf to get domain name in human readable format.
[MSAD:NT6:DNS]
EXTRACT-question1 = ] (?\w+)\s+(?.)
EXTRACT-question2 = ] (?[^\s])$
EVAL-domain = trim(replace(questionname, "(([\d]+))", "."),".")
... View more