The goal of IP tagging is to enrich events with as much intelligence as possible, shortening the time you spend searching and investigating your data.
This can be accomplished in several different ways:
Using a Splunk Pre-Processor to append to the events before they are indexed, which enriches the Splunk datastore: IPtagProcessor
Using a search operator (with Splunk 3.x) to add the fields to your events when the result set is returned: IPIntelCommand
Not using Splunk and want to pull intel into almost any other utility? Consider my other prototype: Reverse DNS Perl
Resources:
Splunk Developer Documentation