Version 1 (Luke Murphey, 07/27/2017 10:57 PM) → Version 2/3 (Luke Murphey, 07/28/2017 05:04 AM)
h1. Lookups
Network Toolkit includes custom lookups that can be used to get information on hosts within events. The lookups provided are:
* whois
* ping
* traceroute
* nslookup
Below are some examples of running these lookups (in each example, the field containing the host you want to look up is +host_to_lookup+):
Whois:
<pre>
... * | head 1 | eval host_to_lookup="splunk.com" | lookup whois host as host_to_lookup | table _raw host raw updated_date nameservers registrar whois_server query creation_date emails expiration_date status id
</pre>
Ping:
<pre>
... * | head 1 | eval host_to_lookup="splunk.com" | lookup ping host as host_to_lookup | table _raw host sent received packet_loss min_ping max_ping avg_ping jitter return_code raw_output
</pre>
Traceroute:
<pre>
... * | head 1 | eval host_to_lookup="splunk.com" | lookup traceroute host as host_to_lookup | table _raw host return_code raw_output hops
</pre>
NSlookup:
<pre>
... * | head 1 | eval host_to_lookup="splunk.com" | lookup nslookup host as host_to_lookup | table _raw aaaa a mx ns server
</pre>
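Added example (not part of the original wiki page): the searches above run the lookup against a single literal host; in practice you usually want to enrich every distinct host seen in a time range. Aggregating with +stats+ first means each host is looked up once rather than once per event, which matters because these lookups do live network queries (an assumption about how they are implemented). The index +web+ and the field +dest_host+ are assumed names.

```spl
index=web earliest=-1h
| stats count AS hits BY dest_host
| eval host_to_lookup=dest_host
| lookup ping host AS host_to_lookup OUTPUT return_code packet_loss avg_ping
| lookup nslookup host AS host_to_lookup OUTPUT a AS resolved_a
| table dest_host hits return_code packet_loss avg_ping resolved_a
| sort - hits
```

The +OUTPUT+ clause restricts which lookup fields are added and lets you rename them (here +a+ becomes +resolved_a+) so that the two lookups do not collide on field names.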