Hello Team,
Can someone please help me build a query using dnslookup to output multiple events from the event list in a single query?
index=pan_logs source="udp:51401" |lookup dnslookup clientip AS client_ip OUTPUT clienthost as client_host
The above query works perfectly, but in the search event I have multiple event lists which have IP addresses, for which I want to get the mapped host name with the above query. Tried other possible options, but it's not working.
Please help me on this or suggest if there is any other way to achieve this.
Regards,
Neelu