unfortunately i don't have access to the conf files on the filesystem on our splunk deployment. is there a way i can do the reverse dns as specified in http://www.splunk.com/base/Documentation/4.1.5/Knowledge/Addfieldsfromexternaldatasources from the ui? specifically i have my ip's in a field called dvc_ip
asked 08 Apr '11, 00:18
I think Splunk ships with that python script already there.
and everything else you shiuld be able to do in manager > Lookups
answered 08 Apr '11, 01:01