I have a real need to insert a hostname into an event at collection\index time not at search time. Seeing that most of the IP's that I'm looking to resolve to hostnames change very frequently I need to capture the hostname and include it in the event when it is indexed. Does anyone know a way to do that? I looked at these articles but they don't seem to be helpful to do it at index time.
So basically a quick reverse DNS lookup and insert it into the event as a "hostname" field would be perfect. This will allow me to follow specific hosts and have information on every IP that host had.
http://splunk-base.splunk.com/answers/1884/lookups-using-them-to-replace-the-host-field
http://splunk-base.splunk.com/answers/27840/ip-address-vs-hostname
http://blogs.splunk.com/2009/12/15/reverse-dns-lookups-for-host-entries/
http://splunk-base.splunk.com/answers/61853/resolve-ip-address
Thanks,
-Ben
... View more