10-01-2016 06:58 AM - edited 10-01-2016 06:59 AM
I am a newbie to the Infoblox reporting module. I want to run a job for getting the TOP DNS client per domain report, and when I run the job I am getting no result found, but we have a lot of DNS queries happening. Below is the script that I can see in the search option. I need a report for like what is the source IP and their queried URL. Really looking forward to a solution.
index=ib_dns_summary report=si_top_clients_per_domain | lookup dns_viewkey_displayname_lookup VIEW output display_name | stats sum(COUNT) as CLIENT_QUERIES by FQDN CLIENT | sort -CLIENT_QUERIES | head 10 | eventstats sum(CLIENT_QUERIES) as TOTAL | eval PERCENT=round(CLIENT_QUERIES*100/TOTAL,1) | eval PCLIENT=CLIENT+"("+PERCENT+"%)" | rename FQDN as "Domain", CLIENT as "Client", CLIENT_QUERIES as Queries | fields "Domain", "Client", Queries
10-03-2016 09:51 AM
Hello AJ and welcome!
Do your other reports work? Can you see the raw events? Try searching with:
If that doesn't return anything it could indicate that your DNS appliances aren't properly sending data to the reporting server. This could be for a number of reasons:
- You haven't configured the indexes properly under the "grid reporting properties"
- Network ACLs are preventing the necessary communications
10-09-2016 01:36 AM
Thanks RBarlow for the reply.
We don't have any ACL configured.
And sorry to ask, what do you mean by indexes configuration... what option should I check for to generate this report? Other reports like RPZ hit report and all are working.
10-31-2016 10:24 AM
Search the NIOS admin guide for the section on "Reporting (Index) Storage Space". It describes the indexes and how to configure them.
10-31-2016 01:39 PM
As Roger mentioned, you would need to verify that the "DNS Query" indexing category is enabled for indexing either at the "Grid Reporting Properties" or under individual DNS "Member Reporting Properties" or both. <screenshots attached>
Additionally, DNS Top Clients per Domain is a per domain report where you need to specify the domain names that require monitoring. <screenshots attached>
Though documentation suggests that only authoritative domains are supported, both authoritative and external domains are supported [As far as I have tested in 7.3.x and 8.0].