Auto host resolving in splunk using python

This only works in Splunk 2.0.x.
A couple of people have asked me how to resolve the IP addresses in their syslog files to hostnames inside Splunk.
There's no way to do this just by tweaking a config variable, so we need to dig a little deeper under the surface. It's actually pretty easy to get Splunk to call out to Python during event processing, and I've used that functionality to solve this problem.

Note that calling out to Python on every event will negatively impact indexing performance, but it should work until we get this behavior baked into Splunk.

First up I’ve created a python script that calls socket.gethostbyaddr to resolve the hosts. It will also cache the results so that the performance hit…
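The resolver sketched above, written out as an added example (this is not the script from the original post). It wraps `socket.gethostbyaddr` in a cache that remembers both successful lookups and failures, because a host with no PTR record would otherwise cost a fresh, blocking DNS round trip on every event; `annotate` then swaps the syslog host field (assumed here to be the first IPv4 token on the line) for the resolved name. The sample log lines, the `FAKE_PTR` table and the `fake_lookup` function are constructed so the example runs offline; in Splunk you would use `default_lookup`.

```python
import re
import socket
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed sample syslog lines; the host field follows the timestamp.
SAMPLE_LINES = [
    "Mar  1 12:00:01 10.0.0.1 sshd[4242]: Accepted publickey for ops from 192.0.2.9",
    "Mar  1 12:00:02 10.0.0.2 cron[17]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Constructed PTR table standing in for DNS so the example runs offline.
FAKE_PTR = {"10.0.0.1": "web01.example.com"}

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def default_lookup(ip: str) -> str:
    """Real reverse lookup; raises OSError (socket.herror/gaierror) on failure."""
    return socket.gethostbyaddr(ip)[0]


def fake_lookup(ip: str) -> str:
    """Offline stand-in for default_lookup with the same failure behaviour."""
    try:
        return FAKE_PTR[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host")


class HostResolver:
    def __init__(
        self,
        lookup: Callable[[str], str] = default_lookup,
        positive_ttl: float = 3600.0,   # seconds to keep a resolved name
        negative_ttl: float = 300.0,    # seconds to remember a failed lookup
        clock: Callable[[], float] = time.monotonic,
    ) -> None:
        self._lookup = lookup
        self._positive_ttl = positive_ttl
        self._negative_ttl = negative_ttl
        self._clock = clock
        # ip -> (hostname or None for a negative entry, expiry timestamp)
        self._cache: Dict[str, Tuple[Optional[str], float]] = {}
        self.lookups = 0  # number of real lookups performed, for measuring the cache

    def resolve(self, ip: str) -> Optional[str]:
        """Return the PTR name for ip, or None if it cannot be resolved."""
        now = self._clock()
        hit = self._cache.get(ip)
        if hit is not None and hit[1] > now:
            return hit[0]
        self.lookups += 1
        try:
            name: Optional[str] = self._lookup(ip)
            ttl = self._positive_ttl
        except OSError:
            # herror (no PTR) and gaierror (bad input) are both OSError subclasses;
            # cache the failure so the same IP does not trigger a lookup per event.
            name = None
            ttl = self._negative_ttl
        self._cache[ip] = (name, now + ttl)
        return name

    def annotate(self, line: str) -> str:
        """Replace the syslog host field (first IPv4 token) with its PTR name if known."""
        m = _IPV4.search(line)
        if m is None:
            return line
        name = self.resolve(m.group(0))
        if name is None:
            return line
        return line[: m.start()] + name + line[m.end():]


if __name__ == "__main__":
    resolver = HostResolver(lookup=fake_lookup)
    for raw in SAMPLE_LINES:
        print(resolver.annotate(raw))
    print("lookups performed:", resolver.lookups)
```

Two caveats worth keeping in mind with this approach. A PTR record is set by whoever controls the reverse zone for the address, so a resolved name is a convenience for reading logs, not something to base a security decision on. And since the lookup blocks the indexing pipeline, keep the negative TTL short enough that a newly registered host is picked up, but long enough that an address with no PTR record does not stall every event it appears in.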


The boss wants to see the ROI. Where do I begin?

I talk to many sysadmins every week who have started to use Splunk and know that it's saving them time and avoiding problems for their company. Then it's time to ask the boss for the money to buy it, and in many companies the boss wants to "see the ROI."

A lot of admins are stymied by this. While it's intuitive to them that they and their colleagues spend a lot of their day looking at logs, and it's also evident that Splunk makes that go faster and better, they don't really know how to go about quantifying it.

Never fear – if the benefit is clear to you, it’ll be easy to document in an ROI analysis. This post will…
