Splunk® Supported Add-ons

Splunk Add-on for ISC BIND

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Sourcetypes for ISC BIND

The Splunk Add-on for ISC BIND includes the following source types and event types, which map the ISC BIND server log data to the Splunk Common Information Model (CIM).

Source type Event type Event example (default format) CIM compatibility
isc:bind:query isc_bind_query 27-Oct-2020 03:20:47.721 queries: info: client @0x7f1e58000a30 (add3.example.com): query: add3.example.com IN A + ( Network Resolution (DNS)
isc:bind:queryerror isc_bind_queryerror 22-Oct-2020 01:29:51.811 query-errors: info: client @0x7f7544000a30 ( query failed (SERVFAIL) for at query.c:6922
22-Oct-2020 07:54:40.038 query-errors: info: client @0x7f86ec000a30 (add3.example.com): query failed (REFUSED) for add3.example.com/IN/A at query.c:5438
Network Resolution (DNS)
isc:bind:lameserver isc_bind_lameserver 23-Oct-2020 01:32:20.869 lame-servers: info: network unreachable resolving 'demo1.com/A/IN': 2001:503:d2d::30#53 n/a
isc:bind:transfer isc_bind_transfer 22-Oct-2020 04:00:10.327 notify: info: zone example.com/IN: sending notifies (serial 2014090401)
22-Oct-2020 13:58:25.325 notify: debug 3: zone example.com/IN: sending notify to 2606:4700:10::6814:30b6#53
22-Oct-2020 13:58:39.826 notify: debug 2: zone example.com/IN: notify to failed: timed out
22-Oct-2020 14:19:13.318 notify: debug 3: zone example.com/IN: notify response from NOTAUTH
isc:bind:network n/a 21-Oct-2020 11:24:50.141 network: info: no longer listening on
22-Oct-2020 00:50:36.566 network: warning: not listening on any interfaces
22-Oct-2020 00:50:37.101 network: info: listening on IPv4 interface ens192,
Last modified on 21 July, 2021
About the Splunk Add-on for ISC BIND
Release notes for the Splunk Add-on for ISC BIND

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters