You have your search, but it comes up with a bunch of IPs in the results. What are the host names? How do I translate this into usable data?
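Lookups: Splunk's built-in dnslookup lookup takes an IP address in its clientip field and returns the resolved name in clienthost.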
<Search> | lookup dnslookup clientip as <IP Field> OUTPUT clienthost as <Resolved Hostname>
So this could be:
<Search> | lookup dnslookup clientip as src_ip OUTPUT clienthost as My_Source_Host
Want to know your source and destination?
<Search> | lookup dnslookup clientip as src_ip OUTPUT clienthost as My_Source_Host | lookup dnslookup clientip as dst_ip OUTPUT clienthost as My_Destination_Host
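A variation on the search above, added here as an example and not part of the original post: it summarizes to one row per src_ip/dst_ip pair first, so the lookups run over the summarized rows rather than every raw event, and it falls back to the IP when no name comes back. The count column, the fallback and the final table layout are assumptions.

```spl
<Search>
| stats count by src_ip dst_ip
| lookup dnslookup clientip as src_ip OUTPUT clienthost as My_Source_Host
| lookup dnslookup clientip as dst_ip OUTPUT clienthost as My_Destination_Host
| eval My_Source_Host=coalesce(My_Source_Host, src_ip)
| eval My_Destination_Host=coalesce(My_Destination_Host, dst_ip)
| table src_ip My_Source_Host dst_ip My_Destination_Host count
```

The raw IPs stay in the table next to the names because a reverse DNS name is set by whoever controls the PTR record for that address and reflects the answer at search time, not at event time.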
GuardianMS
Guarding your IT Experience!