
Downloading TA for Infoblox IPAM
SHA256 checksums:
- ta-for-infoblox-ipam_104.tgz: 873505c9cdf5e8ca36b45b3f4c28f123a24304270ad8dca8faa8cd5ed23aa807
- ta-for-infoblox-ipam_103.tgz: b47f6b6bfcf912d84be828d4846abb4ee36047c74cebcc9f7bda03c299958997
- ta-for-infoblox-ipam_102.tgz: 0844e187ffe25f4a76232c0256275127e4a5b7f76bc03e920172ecfe4775e336
- ta-for-infoblox-ipam_101.tgz: 0d67d1b4e12efe18fa9db6ce2b4c6bf64d209ac6c717b0e86b5376261247bc55

TA for Infoblox IPAM

This technical add-on is designed to pull extended attributes for hosts, IP addresses and networks from the Infoblox DDI/NIOS application.


Infoblox DDI is a popular DNS, DHCP and IPAM (DDI) system. Out of the box, there are integrations (via add-ons) with Splunk that provide information about DHCP and DNS services, but there are no IPAM data flows. Luckily, Infoblox (the actual product name is NIOS) provides a good REST API that can be used to close this gap.

TA for Infoblox IPAM

This custom technical add-on for Infoblox APIs was built using the Splunk Add-on Builder app (https://splunkbase.splunk.com/app/2962/). The add-on should be installed on your Heavy Forwarders/Indexers and your Search Head instances.

There are three main inputs that can be configured in the TA on your Heavy Forwarder/Indexer:
- /record:host - this lists all host records (from DNS)
- /record:host_ipv4addr - this lists all IPv4 addresses
- /network - this lists all network segments available in IPAM + extended attributes (e.g. location)

REST API URL is usually found at: https://<your_infoblox_instance>:443/wapi/v2.7

For authentication, the add-on uses the HTTP Basic Auth mechanism. For further details, read the API docs here: https://docs.infoblox.com/download/attachments/8945695/Infoblox_RESTful_API_Documentation_2.9.pdf


Setup parameters for the TA

| Field | Value |
| --- | --- |
| Account name | Infoblox |
| Username | <your username> |
| Password | <your password> |
| Log level | WARNING |
| REST API home | https://<your_infoblox_instance>:443/wapi/v2.7 |
| HTTP request timeout | 180 |

Setup parameters for the inputs


Hosts

| Field | Value |
| --- | --- |
| Input name | Hosts |
| Interval | 86400 |
| Index | <desired index> |
| Requested fields | zone,ipv4addrs,name,view,disable,dns_name,extattrs |
| Item limit | 1000 |
| Global account | Infoblox |

IPv4 addresses

| Field | Value |
| --- | --- |
| Input name | IPv4 |
| Interval | 86400 |
| Index | <desired index> |
| Requested fields | configure_for_dhcp,host,ipv4addr,mac |
| Item limit | 1000 |
| Global account | Infoblox |


Networks

| Field | Value |
| --- | --- |
| Input name | Networks |
| Interval | 86400 |
| Index | <desired index> |
| Requested fields | dynamic_hosts,comment,disable,network,network_view,extattrs,ipv4addr,netmask,members,static_hosts,total_hosts,unmanaged,utilization |
| Item limit | 1000 |
| Global account | Infoblox |


The TA logs are sent to the "_internal" index by default. To review them, run a search like the following:
index=_internal source="/opt/splunk/var/log/splunk/ta_infoblox_api*"

This search will return the contents of the TA logs for the time range you select.

Note that errors mentioning "next page id" are normal: they mean that the input has reached the end of the list of items returned by the API. Anything else deserves to be investigated.
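The Basic Auth requests and the "next page id" end-of-list condition described above can be reproduced with a short script. This is an added example, not the add-on's own code; it assumes the inputs use the WAPI paging options (_paging, _max_results, _return_as_object, _page_id), and the host name, page id and sample responses are constructed.

```python
import base64, json, urllib.request
from urllib.parse import urlencode

def page_url(base, obj, fields, limit, page_id=None):
    """URL for the first page, or for a follow-up page when page_id is set."""
    if page_id:
        query = {"_page_id": page_id}
    else:
        query = {"_return_fields": ",".join(fields), "_max_results": limit,
                 "_paging": 1, "_return_as_object": 1}
    return f"{base.rstrip('/')}/{obj}?{urlencode(query, safe=',')}"

def https_get_json(url, user, password, timeout=180):
    """Basic Auth GET; urllib verifies the server certificate by default."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send Basic Auth credentials over plain HTTP")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def fetch_all(get_json, base, obj, fields, limit=1000, max_pages=10000):
    """Collect every item; a missing next_page_id is the normal end of the list."""
    items, page_id = [], None
    for _ in range(max_pages):
        body = get_json(page_url(base, obj, fields, limit, page_id))
        items.extend(body.get("result", []))
        page_id = body.get("next_page_id")
        if not page_id:
            return items
    raise RuntimeError("page limit reached; possible paging loop")

# Constructed sample responses keyed by URL, standing in for a NIOS instance.
BASE = "https://infoblox.example.test/wapi/v2.7"
FIELDS = ["configure_for_dhcp", "host", "ipv4addr", "mac"]
SAMPLE = {
    page_url(BASE, "record:host_ipv4addr", FIELDS, 2): {
        "result": [{"ipv4addr": "192.0.2.10"}, {"ipv4addr": "192.0.2.11"}],
        "next_page_id": "constructed-page-2"},
    page_url(BASE, "record:host_ipv4addr", FIELDS, 2, "constructed-page-2"): {
        "result": [{"ipv4addr": "192.0.2.12"}]},
}

def demo():
    """Walk both constructed pages without touching the network."""
    return fetch_all(SAMPLE.__getitem__, BASE, "record:host_ipv4addr", FIELDS, limit=2)

if __name__ == "__main__":
    print(demo())
```

Against a real instance, pass `lambda u: https_get_json(u, user, password)` as `get_json`.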

Release Notes

Version 1.0.4
Oct. 14, 2020

Version 1.0.3
Oct. 13, 2020

Updated permissions in package to follow best-practices.

Version 1.0.2
Oct. 13, 2020

Updated icon set and colors. Everything else is the same.

Version 1.0.1
Oct. 13, 2020

