DNS Report with Client IP Addresses Domain Name queried and Count Query
10-29-2021 08:45 AM
Hi All
Is it possible to have/build a report with the fields in the title message?
CLIENT, CLIENT_Queries and FQDN Queried
I tried to create it by "merging" in some way two existing reports which have the fields and information needed:
DNS Top Client (without the splunk code to obtain TOP) and
DNS Domain Queried by Client
Something like this:
index=ib_dns_summary | lookup dns_viewkey_displayname_lookup VIEW output display_name | stats sum(COUNT) as FQDN_TOTAL by FQDN |stats sum(COUNT) as CLIENT_QUERIES by CLIENT |eventstats sum(CLIENT_QUERIES) as TotCLIENT | eventstats sum(FQDN_TOTAL) as TOTAL| rename FQDN_TOTAL as Count, FQDN as "Domain Name" | fields "Domain Name", Count, TotCLIENT
But the result is a standard event
Thanks in advance
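
One way to get CLIENT, CLIENT_Queries and the queried FQDN in a single table, as an added example that is not part of the original post. A `stats` grouped only by FQDN discards the CLIENT and COUNT fields that a later `stats` would need, so this version groups by both and then uses `eventstats` to attach the per-client total. It assumes each event in `ib_dns_summary` carries CLIENT, FQDN and COUNT, as the query above implies.

```spl
index=ib_dns_summary
| stats sum(COUNT) as Count by CLIENT, FQDN
| eventstats sum(Count) as CLIENT_Queries by CLIENT
| sort 0 -CLIENT_Queries, CLIENT, -Count
| rename FQDN as "Domain Name"
| table CLIENT, CLIENT_Queries, "Domain Name", Count
```

Each row is one client and domain pair, with the busiest clients first and their most-queried domains at the top of each group.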