Jump to content

F5 DNS Splunk Values



So we have a bunch of GTM (or BIGIP-DNS) log data in Splunk and most don't know what the heck all of these different fields mean.

  • QID:
  • Host (GMT):
  • src:
  • dest
  • reply_code
  • reply_code_id
  • query
  • answer
  • answer_count
  • message_type
  • query_type
  • record_type.

I suppose I will take a crack at it and see if I can find explanations of each field.

QID (query ID)

You can trace a query and response based on the QID#



Recommended Comments

There are no comments to display.

Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...