THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

Reporting

Reply

DNS Report with Client IP Addresses Domain Name queried and Count Query
Fabio
Authority
Posts: 15

‎10-29-2021 08:45 AM

1732     0

Hi All

Is it possibile have\build a report with the fileds in title message?

CLIENT, CLIENT_Queries and FQDN Queried

 

I try to create it "merging" in some way two existing reports wich have the fields and information needed:

DNS Top Client (without the splunk code to obtain TOP) and

DNS Domain Queried by Client

 

Some like this:

index=ib_dns_summary | lookup dns_viewkey_displayname_lookup VIEW output display_name | stats sum(COUNT) as FQDN_TOTAL by FQDN |stats sum(COUNT) as CLIENT_QUERIES by CLIENT |eventstats sum(CLIENT_QUERIES) as TotCLIENT | eventstats sum(FQDN_TOTAL) as TOTAL| rename FQDN_TOTAL as Count, FQDN as "Domain Name" | fields "Domain Name", Count, TotCLIENT

But the result is a standard event

 

Thanks in advance

 

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements