Hi, I know my question is a little bland, so I'll elaborate here:
If I have a user with IP 10.7.102.36 going to www.google.com, and I find both "google.com" and the source IP through our Infoblox DNS and place them into a table, how would I find the IP and place it into the same table? The table would look something like this:
|| google.com || 10.7.102.36 || John.Doe || _time
The sourcetype required to get the webpage and the IP address is "infoblox:dns", and the sourcetype required to get the username for that IP address is "ias".
Here is my search:
index=* (sourcetype="infoblox:dns") page_name!="" dns_request_client_ip!=""
| table page_name dns_request_client_ip user _time
| search (page_name=*)
| rename page_name as "Site" dns_request_client_ip as "Client IP" | sort - _time
I'd appreciate any help you can give me. I'm quite new to Splunk, so this is a relatively difficult task for me.