So we have a bunch of GTM (or BIG-IP DNS) log data in Splunk, and most people don't know what the heck all of these different fields mean.

  • QID
  • Host (GMT)
  • src
  • dest
  • reply_code
  • reply_code_id
  • query
  • answer
  • answer_count
  • message_type
  • query_type
  • record_type

I suppose I will take a crack at it and see if I can find explanations of each field.

QID (query ID)

You can trace a query and its response based on the QID#.
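As an added example (not part of the original post), here is one way to pair queries with responses by QID over events exported from Splunk. It assumes the QID is the DNS message ID, a 16-bit value that different clients can reuse at the same time, so the pairing also keys on the two endpoints and a time window. The sample events, the lowercase key names, the `Query`/`Response` values for message_type and the epoch `_time` field are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real log data). Keys follow the field names
# listed above; "_time" (epoch seconds) and the message_type values are assumed.
EVENTS = [
    {"_time": 100.00, "qid": 4521, "src": "10.1.1.10", "dest": "10.9.9.5",
     "message_type": "Query", "query": "app.example.com"},
    {"_time": 100.01, "qid": 4521, "src": "10.1.1.20", "dest": "10.9.9.5",
     "message_type": "Query", "query": "other.example.com"},
    {"_time": 100.02, "qid": 4521, "src": "10.9.9.5", "dest": "10.1.1.10",
     "message_type": "Response", "reply_code": "NoError", "answer": "192.0.2.10"},
    {"_time": 100.03, "qid": 4521, "src": "10.9.9.5", "dest": "10.1.1.20",
     "message_type": "Response", "reply_code": "NXDomain", "answer": ""},
    {"_time": 101.00, "qid": 77, "src": "10.1.1.10", "dest": "10.9.9.5",
     "message_type": "Query", "query": "lost.example.com"},
]

def trace_by_qid(events, max_gap=5.0):
    """Pair each query with its response: same QID, same two endpoints,
    response no later than max_gap seconds after the query."""
    pending = defaultdict(list)  # (qid, endpoints) -> queries awaiting a reply
    pairs, orphans = [], []
    for ev in sorted(events, key=lambda e: e["_time"]):
        # frozenset makes the key independent of which side is src or dest
        key = (ev["qid"], frozenset((ev["src"], ev["dest"])))
        if ev["message_type"] == "Query":
            pending[key].append(ev)
        elif ev["message_type"] == "Response":
            waiting = pending[key]
            # A query older than max_gap cannot belong to this response
            while waiting and ev["_time"] - waiting[0]["_time"] > max_gap:
                orphans.append(waiting.pop(0))
            if waiting:
                pairs.append((waiting.pop(0), ev))
            else:
                orphans.append(ev)  # response with no logged query
    for waiting in pending.values():
        orphans.extend(waiting)     # queries that never got a response
    return pairs, orphans

if __name__ == "__main__":
    pairs, orphans = trace_by_qid(EVENTS)
    for q, r in pairs:
        print(q["qid"], q["src"], q["query"], "->", r["reply_code"], r["answer"])
    for ev in orphans:
        print("unmatched:", ev["qid"], ev["src"], ev["message_type"])
```

Keying on QID alone would have merged the two clients that both used QID 4521; the unmatched list is where dropped or unanswered queries show up.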



