Splunk® Supported Add-ons

Splunk Add-on for ISC BIND

Sourcetypes for ISC BIND

The Splunk Add-on for ISC BIND includes the following source types and event types, which map the ISC BIND server log data to the Splunk Common Information Model (CIM).

| Source type | Event type | Event example (default format) | CIM compatibility |
| --- | --- | --- | --- |
| isc:bind:query | isc_bind_query | 27-Oct-2020 03:20:47.721 queries: info: client @0x7f1e58000a30 38.87.196.34#60627 (add3.example.com): query: add3.example.com IN A + (10.160.10.140) | Network Resolution (DNS) |
| isc:bind:queryerror | isc_bind_queryerror | 22-Oct-2020 01:29:51.811 query-errors: info: client @0x7f7544000a30 38.87.196.34#54013 (52.219.226.124.in-addr.arpa): query failed (SERVFAIL) for 52.219.226.124.in-addr.arpa/IN/PTR at query.c:6922<br>22-Oct-2020 07:54:40.038 query-errors: info: client @0x7f86ec000a30 38.87.196.34#55114 (add3.example.com): query failed (REFUSED) for add3.example.com/IN/A at query.c:5438 | Network Resolution (DNS) |
| isc:bind:lameserver | isc_bind_lameserver | 23-Oct-2020 01:32:20.869 lame-servers: info: network unreachable resolving 'demo1.com/A/IN': 2001:503:d2d::30#53 | n/a |
| isc:bind:transfer | isc_bind_transfer | 22-Oct-2020 04:00:10.327 notify: info: zone example.com/IN: sending notifies (serial 2014090401)<br>22-Oct-2020 13:58:25.325 notify: debug 3: zone example.com/IN: sending notify to 2606:4700:10::6814:30b6#53<br>22-Oct-2020 13:58:39.826 notify: debug 2: zone example.com/IN: notify to 104.20.48.182#53 failed: timed out<br>22-Oct-2020 14:19:13.318 notify: debug 3: zone example.com/IN: notify response from 192.185.44.208#53: NOTAUTH | n/a |
| isc:bind:network | n/a | 21-Oct-2020 11:24:50.141 network: info: no longer listening on 10.160.10.140#53<br>22-Oct-2020 00:50:36.566 network: warning: not listening on any interfaces<br>22-Oct-2020 00:50:37.101 network: info: listening on IPv4 interface ens192, 10.160.10.140#53 | n/a |
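To check that your BIND logs are in the default format shown in the table above before onboarding them, the following added example (not code from the add-on) classifies a raw line by its BIND logging category and pulls DNS fields out of query and query-error events. The category-to-source-type map covers only the categories that appear in the table; the output field names (`src`, `src_port`, `query`, `record_type`, `reply_code`, `dest`) are assumptions chosen for illustration and are not the add-on's own extractions.

```python
import re
from datetime import datetime

# BIND logging category -> source type, limited to the rows of the table above.
CATEGORY_TO_SOURCETYPE = {
    "queries": "isc:bind:query",
    "query-errors": "isc:bind:queryerror",
    "lame-servers": "isc:bind:lameserver",
    "notify": "isc:bind:transfer",
    "network": "isc:bind:network",
}

# Default-format header: "<timestamp> <category>: <severity>: <message>"
HEADER = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[a-z-]+): (?P<severity>[a-z]+(?: \d+)?): (?P<message>.*)$"
)
QUERY = re.compile(
    r"^client (?:@0x[0-9a-f]+ )?(?P<src>\S+)#(?P<src_port>\d+) \(\S+\): "
    r"query: (?P<query>\S+) (?P<record_class>\S+) (?P<record_type>\S+) "
    r"(?P<flags>\S+) \((?P<dest>[^)]+)\)$"
)
QUERY_ERROR = re.compile(
    r"^client (?:@0x[0-9a-f]+ )?(?P<src>\S+)#(?P<src_port>\d+) \(\S+\): "
    r"query failed \((?P<reply_code>[A-Z]+)\) for "
    r"(?P<query>[^/\s]+)/(?P<record_class>[^/\s]+)/(?P<record_type>\S+) at \S+$"
)

def parse_line(line):
    """Return a dict for a default-format BIND log line, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = {
        "time": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
        "sourcetype": CATEGORY_TO_SOURCETYPE.get(m["category"]),  # None if not in the table
        "severity": m["severity"],
        "message": m["message"],
    }
    # Only query and query-error messages get field-level parsing here.
    detail = {"queries": QUERY, "query-errors": QUERY_ERROR}.get(m["category"])
    fields = detail.match(m["message"]) if detail else None
    if fields:
        event.update(fields.groupdict())
    return event

if __name__ == "__main__":
    # Sample line taken from the table above.
    print(parse_line("22-Oct-2020 00:50:36.566 network: warning: not listening on any interfaces"))
```

A line that returns `None`, or a `sourcetype` of `None`, points to a custom log format or a logging category outside the table.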
Last modified on 21 July, 2021

This documentation applies to the following versions of Splunk® Supported Add-ons: released

