|Has index-time operations||false|
|Create an index||false|
The DNS Protocol Translate External Lookup translates DNS wire-format packet data into a human-readable format using Python's dnslib (https://pypi.org/project/dnslib/).
1.0.0 - Initial release
Version 1.0.0 of the DNS Protocol Translate External Lookup is compatible with:
|Splunk Enterprise versions||8.0, 8.1, 8.2|
|Lookup file changes||None|
Support for this app is provided by Hurricane Labs. Please send questions to email@example.com
Note that we will make our best effort to assist you, but as this app relies on an external Python library we did not develop, we cannot guarantee we will be able to fix problems that may occur.
This external lookup works on all Splunk platforms (Linux, macOS, and Windows).
Install to search head
Install to search head and indexer cluster
The lookup can be called by using | lookup protocol_translation_lookup RDATA record_type OUTPUT translation in a search. RDATA corresponds to the DNS wire-format packet data, and record_type corresponds to the record type (e.g. A, AAAA, TXT). Both fields must be present in the data for the external lookup to function.
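To illustrate the kind of translation the lookup performs, here is an added example that is not the app's own code: it uses only the Python standard library instead of dnslib, handles just A, AAAA and TXT, and assumes RDATA arrives hex-encoded (the page does not state the encoding). The function names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
import sys

def translate_rdata(rdata_hex, record_type):
    """Decode hex-encoded RDATA for A, AAAA or TXT; return '' if it cannot be decoded."""
    try:
        raw = bytes.fromhex(rdata_hex.strip())
    except ValueError:
        return ""
    rtype = record_type.strip().upper()
    if rtype == "A" and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if rtype == "AAAA" and len(raw) == 16:
        return str(ipaddress.IPv6Address(raw))
    if rtype == "TXT":
        # TXT RDATA is one or more <length byte><that many bytes> character-strings.
        parts, pos = [], 0
        while pos < len(raw):
            length = raw[pos]
            chunk = raw[pos + 1:pos + 1 + length]
            if len(chunk) != length:  # length byte runs past the end: malformed
                return ""
            parts.append(chunk.decode("ascii", errors="backslashreplace"))
            pos += 1 + length
        return " ".join('"%s"' % p for p in parts)
    return ""  # unsupported type, or wrong length for the type

def run_lookup(infile, outfile):
    """External-lookup style loop: CSV rows in, same rows out with translation filled."""
    reader = csv.DictReader(infile)  # header must list RDATA, record_type, translation
    writer = csv.DictWriter(outfile, fieldnames=reader.fieldnames)
    writer.writeheader()
    for row in reader:
        row["translation"] = translate_rdata(row["RDATA"], row["record_type"])
        writer.writerow(row)

# Constructed sample input; the last row is deliberately malformed (length 5, 3 bytes).
SAMPLE = (
    "RDATA,record_type,translation\r\n"
    "c0000201,A,\r\n"
    + "20010db8" + "00" * 11 + "01,AAAA,\r\n"
    + "0b763d73706631202d616c6c,TXT,\r\n"
    + "05616263,TXT,\r\n"
)

if __name__ == "__main__":
    run_lookup(io.StringIO(SAMPLE), sys.stdout)
```

Returning an empty translation for malformed or unsupported RDATA keeps one bad event from aborting the whole search, and the empty field is itself something an analyst can filter on.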
More information about extending the functionality of this lookup (e.g. make it automatic) can be found at https://dev.splunk.com/enterprise/docs/devtools/externallookups/createexternallookup/