DNS lookup for IP address in Log Meesage

Ak_C · ‎09-19-2013

Hello 🙂

I need help in DNS resolution of the ip addresses in the logs:

*Oct 9 21:31:47.095: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.30.0.20 (Tunnel10) is up: new adjacency

I've this log configured as report which shows me top Ip addresses (tunnel - e.x. 172.30.0.20) bouncing. Problem with my report is:

When i use extraction field for "172.30.0.20" it only shows the Ip address I would like that to be changed in DNS name like we have hostnames.

MuS · ‎09-19-2013

Hi Ak_C

Check out the docs about the example on how to use DNS lookup for host IP.

Splunk ships with a script to handle this kind of external reverse DNS lookups .

hope this helps...

cheers, MuS

MuS · ‎10-24-2014

HeHe my bad....this truely an search time operation. I'll update the answer thx for the hint!

jmeyers_splunk · ‎10-23-2014

I'm pretty sure that this is a search time lookup operation. what makes you think that it is index time only?

Are you a member of the Splunk Community?