
DNS Replies Trend report

Authority
Posts: 24

I'm looking to see if anyone knows of or has a report that gives a total number of specific replies for whatever date range is input. I'm trying to show the total number of NXDOMAIN queries for a month, week, etc. at a time, and the DNS Replies report only shows 10-minute intervals and doesn't give an overall total number count.

 

Does anyone know the Splunk code where I can just input a date range and get a total count of NXDOMAIN or Successful queries?

 

Thanks. 


Re: DNS Replies Trend report

Adviser
Posts: 126

Hello Steve,

 

I’m not sure if you’re still looking for this, but this simple SPL should return the net number of NXDOMAIN responses from the Infoblox DNS servers, on a per-member basis (for the said time):

 

index=ib_dns_summary report=si_top_nxdomain_query | stats sum(COUNT) as QCOUNT by orig_host | rename orig_host as SERVER_NAME | sort -QCOUNT

 

Note that the data for this specific report/index is updated every 30 minutes, starting at the 5th minute of each half hour. Data covers the first 30 minutes of the previous 60 minutes, so you should keep that in mind if you intend to do real-time testing. Having a data connector in the grid would enable you to get more refined reports for such use cases. An advantage is that the index data for this category (ib_dns_capture) is expected to be updated in real time. Let me know if you have any questions.

 

All the best,

Mohammed Alman.
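
For the date-range total asked about in the first post, an added example (not from either poster and not Infoblox's own report code): it reuses the index, report name and COUNT field from the search above, bounds the search to the last 30 full days with Splunk's earliest/latest time modifiers, and returns one row per day with a column per member, a per-day sum across members and a final row of column totals. It assumes the summary events carry a usable _time; ALL_MEMBERS is a column name chosen here.

```spl
index=ib_dns_summary report=si_top_nxdomain_query earliest=-30d@d latest=@d
| timechart span=1d sum(COUNT) as QCOUNT by orig_host
| addtotals fieldname=ALL_MEMBERS
| addcoltotals
```

Changing span=1d to span=1w gives weekly buckets, and the earliest/latest values can be replaced by the time range picker.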
