Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Does Splunk do Internet Name Resolution?

garciatdg
New Member
‎04-02-2020 06:28 PM

I am doing an experiment at home to capture Internet traffic for all of my devices in my house connected to my home wi-fi. I heard in a conference that a guy setup Splunk Streaming on his splunk instance and was able to capture all traffic between his wireless router and any device in his house. 

sourcetype="stream:ip" src_ip="192.168.1.16"
| stats count by dest_ip

I put this quick query together but I don't think I'm capturing everything, but I'd also like to have splunk resolve the Dest_IP
For example, if I pull up Google.com, I'd like to see in a Splunk Table "google.com" and not "172.217.5.78"

my results are as follows

alt text

Tags (1)
Preview file
1 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎04-03-2020 05:16 AM

Yes, assuming DNS is accessible by the search head, just add this to the bottom:

... | lookup dnslookup clientip AS dest_ip
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...