Splunk® Supported Add-ons

Splunk Add-on for Infoblox

Sourcetypes for the Splunk Add-on for Infoblox

The Splunk Add-on for Infoblox includes the following source types and event types, which map the data to the Splunk Common Information Model (CIM).

Sourcetype: infoblox:dns

- Event type: infoblox_dns
  Event example: Sep 8 20:06:59 named[31744]: client (ppm.company.com): query: ppm.company.com IN A + (
  CIM data models: Network Resolution (DNS)

- Event type: infoblox_dns_change
  Event example: Sep 8 20:03:27 named[26980]: client dhcp_updater_default: updating zone '106.10.in-addr.arpa/IN': adding an RR at '' PTR
  CIM data models: Change Analysis

- Event type: infoblox_dnz_rpz
  Event example: 2017-03-13T09:48:30-07:00 named[15798]: CEF:0|Infoblox|NIOS|7.3.9-343507|RPZ-QNAME|PASSTHRU|4|app=DNS dst= src= spt=55555 view=_default qtype=A msg="rpz QNAME PASSTHRU rewrite z.zzz.com [A] via a.aaa.com"
  CIM data models: Network Resolution (DNS)

Sourcetype: infoblox:dhcp

- Event type: infoblox_dhcp
  Event example: Sep 8 20:06:30 dhcpd[12508]: DHCPOFFER on to 09:bf:58:10:04:09 (SCOTRL1-VM8) via eth1 relay lease-duration 120
  CIM data models: Network Sessions (DHCP)

- Event type: infoblox_session_start
  Event example: Sep 8 20:06:20 dhcpd[12508]: DHCPREQUEST for ( from ec:d5:3d:f3:d9:3a via (RENEW)
  CIM data models: Network Sessions (Session Start)

- Event type: infoblox_session_end
  Event example: Sep 8 20:04:29 dhcpd[12508]: DHCPRELEASE of from cc:88:11:55:78:f3 via eth1 (found)
  CIM data models: Network Sessions (Session End)

Sourcetype: infoblox_threatprotect

- Event type: infoblox_threatprotect
  Event example: 2017-11-24T12:31:31-08:00 threat-protect-log[9346]: adp: CEF:0|Infoblox|NIOS Threat|8.2.1-359366|200001105|DROP NTP TIME requests|4|src=111.222.333.444 spt=123 dst=111.222.333.444 dpt=123 act="DROP" cat="NTP" nat=0 nfpt=0 nlpt=0 fqdn=NA hit_count=1
  CIM data models: Intrusion Detection

This documentation applies to the following versions of Splunk® Supported Add-ons: released
