Thanks for this - provides exactly the info that was required. It would be great if the Splunk doco was updated to reflect this much, much, much simpler way of doing DNS lookups!
One thing for other people who might do this - I did notice that when you're doing searches (i.e. hostname="devicename"), it is slow the 1st time that the info is added to the record. Once it's added, it's all fast again, which is as you would expect as it's updating historical records, but once it's there (which is the case for new info anyways), it's all good!