Follow the steps in this recipe to look up hostnames for given IP addresses:
- On your Splunk server, create a new transforms.conf file at $SPLUNK_HOME/etc/apps/operational_intelligence/local/transforms.conf. If one already exists, then you can just edit the existing file.
- Add the following text to the file and save it:
[dnsLookup]
external_cmd = external_lookup.py clienthost clientip
fields_list = clienthost, clientip
- Return to the Splunk web interface and select the Operational Intelligence application.
- In the search bar, enter the following search:
index=main sourcetype="access_combined" | lookup dnslookup clientip
- Hit your Enter key and the search should start; wait for some results to show.
- You should now see a ...
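
The external_cmd line in the stanza makes Splunk run a script with the field names clienthost and clientip as arguments; the script receives the search rows as CSV on stdin and writes them back as CSV on stdout with the empty field filled in. The sketch below is an added example of that contract, not Splunk's shipped external_lookup.py and not code from this recipe. It also goes one step beyond the recipe by accepting a reverse-DNS name only if it resolves back to the same address, because PTR records are set by whoever controls the reverse zone for the client IP. The function names and the injectable reverse/forward parameters are assumptions made for illustration.

```python
import csv
import socket
import sys


def reverse_dns(ip):
    """PTR lookup; returns '' when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return ""


def forward_dns(host):
    """All addresses the hostname resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()


def run_lookup(infile, outfile, host_field, ip_field,
               reverse=reverse_dns, forward=forward_dns):
    """Fill host_field from ip_field for every CSV row received."""
    reader = csv.DictReader(infile)
    writer = csv.DictWriter(outfile, fieldnames=reader.fieldnames)
    writer.writeheader()
    for row in reader:
        ip = row.get(ip_field, "")
        # Only resolve rows where the host is missing and an IP is present.
        if ip and not row.get(host_field):
            host = reverse(ip)
            # Treat the PTR answer as untrusted input: keep it only when the
            # name resolves forward to the same address (forward-confirmed).
            if host and ip in forward(host):
                row[host_field] = host
        writer.writerow(row)


if __name__ == "__main__":
    # Invoked as in the stanza: external_lookup.py clienthost clientip
    run_lookup(sys.stdin, sys.stdout, sys.argv[1], sys.argv[2])
```

Rows whose PTR name fails the forward check keep an empty clienthost, so an unverified hostname never appears in search results as if it were authoritative.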