All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DNS lookup for IP address in Log Meesage

Ak_C
New Member
‎09-19-2013 09:21 PM

Hello 🙂

I need help in DNS resolution of the ip addresses in the logs:

*Oct 9 21:31:47.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.30.0.20 (Tunnel10) is up: new adjacency

I've this log configured as report which shows me top Ip addresses (tunnel - e.x. 172.30.0.20) bouncing. Problem with my report is:

When i use extraction field for "172.30.0.20" it only shows the Ip address I would like that to be changed in DNS name like we have hostnames.

0 Karma
Reply

MuS
Legend
‎09-19-2013 11:53 PM

Hi Ak_C

Check out the docs about the example on how to use DNS lookup for host IP.

Splunk ships with a script to handle this kind of external reverse DNS lookups .

hope this helps...

cheers, MuS

0 Karma
Reply

MuS
Legend
‎10-24-2014 08:28 AM

HeHe my bad....this truely an search time operation. I'll update the answer thx for the hint!

0 Karma
Reply

jmeyers_splunk
Splunk Employee
Splunk Employee
‎10-23-2014 08:25 AM

I'm pretty sure that this is a search time lookup operation. what makes you think that it is index time only?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...