Using Lookups » History » Version 1
Luke Murphey, 07/27/2017 10:57 PM
| 1 | 1 | Luke Murphey | h1. Lookups |
|---|---|---|---|
| 2 | 1 | Luke Murphey | |
| 3 | 1 | Luke Murphey | Network Toolkit includes custom lookups that can be used to get information on hosts within events. The lookups provided are: |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | * whois |
| 6 | 1 | Luke Murphey | * ping |
| 7 | 1 | Luke Murphey | * traceroute |
| 8 | 1 | Luke Murphey | * nslookup |
| 9 | 1 | Luke Murphey | |
| 10 | 1 | Luke Murphey | Below are some examples of running these commands: |
| 11 | 1 | Luke Murphey | |
| 12 | 1 | Luke Murphey | Whois: |
| 13 | 1 | Luke Murphey | <pre> |
| 14 | 1 | Luke Murphey | * | head 1 | eval host_to_lookup="splunk.com" | lookup whois host as host_to_lookup | table _raw host raw updated_date nameservers registrar whois_server query creation_date emails expiration_date status id |
| 15 | 1 | Luke Murphey | </pre> |
| 16 | 1 | Luke Murphey | |
| 17 | 1 | Luke Murphey | Ping: |
| 18 | 1 | Luke Murphey | <pre> |
| 19 | 1 | Luke Murphey | * | head 1 | eval host_to_lookup="splunk.com" | lookup ping host as host_to_lookup | table _raw host sent received packet_loss min_ping max_ping avg_ping jitter return_code raw_output |
| 20 | 1 | Luke Murphey | </pre> |
| 21 | 1 | Luke Murphey | |
| 22 | 1 | Luke Murphey | Traceroute: |
| 23 | 1 | Luke Murphey | <pre> |
| 24 | 1 | Luke Murphey | * | head 1 | eval host_to_lookup="splunk.com" | lookup traceroute host as host_to_lookup | table _raw host return_code raw_output hops |
| 25 | 1 | Luke Murphey | </pre> |
| 26 | 1 | Luke Murphey | |
| 27 | 1 | Luke Murphey | NSlookup: |
| 28 | 1 | Luke Murphey | <pre> |
| 29 | 1 | Luke Murphey | * | head 1 | eval host_to_lookup="splunk.com" | lookup nslookup host as host_to_lookup | table _raw aaaa a mx ns server |
| 30 | 1 | Luke Murphey | </pre> |