Sourcetypes for ISC BIND
The Splunk Add-on for ISC BIND includes the following source types and event types, which map the ISC BIND server log data to the Splunk Common Information Model (CIM).
| Source type | Event type | Event example (default format) | CIM compatibility |
|---|---|---|---|
| isc:bind:query | isc_bind_query | 27-Oct-2020 03:20:47.721 queries: info: client @0x7f1e58000a30 38.87.196.34#60627 (add3.example.com): query: add3.example.com IN A + (10.160.10.140) | Network Resolution (DNS) |
| isc:bind:queryerror | isc_bind_queryerror | 22-Oct-2020 01:29:51.811 query-errors: info: client @0x7f7544000a30 38.87.196.34#54013 (52.219.226.124.in-addr.arpa): query failed (SERVFAIL) for 52.219.226.124.in-addr.arpa/IN/PTR at query.c:6922 | Network Resolution (DNS) |
| isc:bind:lameserver | isc_bind_lameserver | 23-Oct-2020 01:32:20.869 lame-servers: info: network unreachable resolving 'demo1.com/A/IN': 2001:503:d2d::30#53 | n/a |
| isc:bind:transfer | isc_bind_transfer | 22-Oct-2020 04:00:10.327 notify: info: zone example.com/IN: sending notifies (serial 2014090401) | n/a |
| isc:bind:network | n/a | 21-Oct-2020 11:24:50.141 network: info: no longer listening on 10.160.10.140#53 | n/a |
This documentation applies to the following versions of Splunk® Supported Add-ons: released