Hi Team,
I was trying to achieve the DNS lookup concept in Splunk 6.4.2 on a Windows server, but it's not working. Can someone please help me with this?
I have gone through an article and did the setup as it is.
Inside the etc folder I created a new folder named search, and inside search I have created two more, local and lookups.
I copied the external_lookup.py file from etc/bin to the above lookup folder, and inside local I created two conf files named props.conf and transforms.conf. Below is the config which I have done in both the files.
props.conf:
[pan:traffic]
LOOKUP-rdns = dnsLookup ip AS host OUTPUT host as hostname
transforms.conf:
[dnsLookup]
external_cmd = external_lookup.py host ip
fields_list = host, ip
Then I restarted Splunk and tried to search like below:
index=pan_logs sourcetype=pan:traffic | lookup dnsLookup ip AS host OUTPUT host as hostname
But I am getting this error:
Error in 'lookup' command: The lookup table 'dnsLookup' does not exist or is not available.
Please help me to resolve the error.
Regards,
Neelu