For example, within a simple firewall search report, I am looking for destination IP addresses coming from a certain source IP address. Can I generate a report that will show each destination IP address, count them, then show the resolved hostname for each found destination IP address?
Thanks!
This can be accomplished with a scripted lookup. Seems like there is one of these already built into Splunk as an example. The script itself is $SPLUNK_HOME/etc/system/bin/external_lookup.py. There's an example of using it at http://www.splunk.com/base/Documentation/4.2.2/Knowledge/Addfieldsfromexternaldatasources under "Example of external fields lookup".
I'll give it a shot! Thanks!
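A reverse-DNS scripted lookup of the kind the answer points to, added here as an example; it is not Splunk's external_lookup.py and not code from this thread. It assumes rows arrive as CSV on stdin and the completed CSV is written to stdout, and the field names `dest_ip` and `dest_host` are hypothetical.

```python
#!/usr/bin/env python3
"""Reverse-DNS external lookup: CSV rows in on stdin, completed rows out on stdout."""
import csv
import ipaddress
import socket
import sys
from functools import lru_cache

IP_FIELD, HOST_FIELD = "dest_ip", "dest_host"  # assumed field names


@lru_cache(maxsize=4096)
def reverse_dns(ip):
    """Return the PTR name for ip, or '' when none exists. Cached per process."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are both OSError
        return ""


def enrich(infile, outfile, resolver=reverse_dns):
    """Fill HOST_FIELD for every row whose IP_FIELD parses as an IP address."""
    reader = csv.DictReader(infile)
    fields = list(reader.fieldnames or [IP_FIELD])
    if HOST_FIELD not in fields:
        fields.append(HOST_FIELD)
    writer = csv.DictWriter(outfile, fieldnames=fields)
    writer.writeheader()
    for row in reader:
        ip = (row.get(IP_FIELD) or "").strip()
        try:
            ipaddress.ip_address(ip)  # reject junk before it reaches the resolver
        except ValueError:
            row[HOST_FIELD] = ""
        else:
            # PTR records are set by whoever controls the address space, so the
            # name is a hint, not an identity: keep it printable and bounded.
            name = resolver(ip)
            row[HOST_FIELD] = "".join(c for c in name if c.isprintable())[:253]
        writer.writerow(row)


if __name__ == "__main__":
    enrich(sys.stdin, sys.stdout)
```

Every lookup sends a query to the configured resolver, so counting by destination IP first and resolving only the distinct addresses keeps the DNS load small.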