All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DNS lookup for IP address in Log Meesage

Ak_C
New Member
‎09-19-2013 09:21 PM

Hello 🙂

I need help in DNS resolution of the ip addresses in the logs:

*Oct 9 21:31:47.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.30.0.20 (Tunnel10) is up: new adjacency

I've this log configured as report which shows me top Ip addresses (tunnel - e.x. 172.30.0.20) bouncing. Problem with my report is:

When i use extraction field for "172.30.0.20" it only shows the Ip address I would like that to be changed in DNS name like we have hostnames.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎09-19-2013 11:53 PM

Hi Ak_C

Check out the docs about the example on how to use DNS lookup for host IP.

Splunk ships with a script to handle this kind of external reverse DNS lookups .

hope this helps...

cheers, MuS

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎10-24-2014 08:28 AM

HeHe my bad....this truely an search time operation. I'll update the answer thx for the hint!

0 Karma
Reply

jmeyers_splunk
Splunk Employee
Splunk Employee
‎10-23-2014 08:25 AM

I'm pretty sure that this is a search time lookup operation. what makes you think that it is index time only?

0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!