Hi,
I'm looking at alerting on SNMP traps in Splunk, and one thing I need to do is look up the hostname from the IP address listed in the event. The hostname will be pulled via a .csv.
The csv has the following columns with data populated underneath:
customer_hostname,customer_IP
SNMP trap information shows the customer IP address of the device, but I need the hostname to be pulled from the .csv and added to a field/event info so we can see the hostname clearly.
Any information on how to do this would be greatly appreciated.
Hi,
If you have a lookup with IPs and hostnames you can use the lookup command:
Your_search
| lookup my_lookup.csv IP OUTPUT hostname
| ...
If instead you can access the DNS you can use the dnslookup command.
Bye.
Giuseppe
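The lookup from the answer above, written against the column names given in the question (customer_hostname, customer_IP), as an added example that is not part of the original thread. It also shows what happens to a trap whose IP is not in the csv: the hostname comes back empty, so it is filled with "unknown" to keep the alert readable. Assumptions: the two trap events are constructed sample data, the field names trap_ip and hostname are hypothetical, and my_lookup.csv is already uploaded as a lookup table file with a row for 10.1.2.3.

```spl
| makeresults count=2
| streamstats count AS n
| eval _raw=case(n=1, "CONSTRUCTED SAMPLE snmptrapd: trap from UDP: [10.1.2.3]:161 linkDown",
                 n=2, "CONSTRUCTED SAMPLE snmptrapd: trap from UDP: [10.9.9.9]:161 linkDown")
| rex field=_raw "\[(?<trap_ip>\d{1,3}(?:\.\d{1,3}){3})\]"
| lookup my_lookup.csv customer_IP AS trap_ip OUTPUT customer_hostname AS hostname
| fillnull value="unknown" hostname
| table _time trap_ip hostname _raw
```

In a real search the first three lines are replaced by the search that returns the trap events, and the rex is only needed if the IP is not already extracted into a field.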