This dashboard identifies the clients that have looked up a given FQDN and lists all FQDNs that a given client has looked up.

Source IP Addresses Looking Up Domain Name
sourcetype=ib:dns:capture index=ib_dns_capture $query$ | eval query=lower(query) | rename src_ip as "Source IP Address", query as "Domain Name" | stats values("Source IP Address") as "Source IP Address" by "Domain Name"
Time range: $timeframe.earliest$ to $timeframe.latest$

Domain Names Queried By Source IP Address
sourcetype=ib:dns:capture index=ib_dns_capture $source$ | eval query=lower(query) | rename src_ip as "Source IP Address", query as "Domain Name" | stats values("Domain Name") as "Domain Names Queried" by "Source IP Address"
Time range: $timeframe.earliest$ to $timeframe.latest$