03-15-2017 06:52 PM
Looking to create a custom report given a particular ip address representing a dns client; need to view all the dns requests and replies coming from that client and the dns server for a given time period. Ideas on what to clone and use as search strings appreciated.
Solved! Go to Solution.
04-24-2017 11:57 AM
You need to use Data Connector and forward query/response logs to the reporting server.
Here is a deployment guide:
You can access the logs using this search: "sourcetype=ib:dns:capture index=ib_dns_capture "
As a base for your report you can use "DNS Top Clients Querying MX Records"