Re: dnstap to Splunk

2022-05-20 Thread Fred Morris

If you need something for POC / smoke:

https://github.com/m3047/shodohflo/blob/master/examples/dnstap2json.py

Assuming you can figure out how to get Splunk to consume log oriented json 
over UDP...


--

Fred Morris, internet plumber
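A sketch of the receiving side that Fred leaves open, added here as an illustration and not taken from the thread or from the shodohflo project: a Splunk UDP input that accepts one JSON object per datagram and extracts the fields at search time. The port (9999) and the sourcetype name (dnstap_json) are assumptions, not values from the thread.

```ini
# inputs.conf  (added example; port and sourcetype are assumed, not from the thread)
[udp://9999]
sourcetype = dnstap_json
# record the sender's IP as host rather than a reverse-DNS name
connection_host = ip
# keep the datagram as sent; do not prepend a receipt timestamp to each event
no_appending_timestamp = true

# props.conf
[dnstap_json]
# one datagram is one event; never merge consecutive datagrams into one
SHOULD_LINEMERGE = false
# extract JSON fields at search time, which keeps index-time cost low at a few thousand qps
KV_MODE = json
```

UDP drops are silent under load, so compare the sender's emitted-record count against the index's event count before trusting the feed for detection.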

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


dnstap to Splunk

2022-05-20 Thread Crist Clark

Anyone out there trying to dump dnstap data into Splunk in
real-time or near-real-time?

I was frankly kind of surprised when I searched the Splunk docs
site and got "No results. We did not find any pages on Splunk.com
that matched dnstap."

Googling didn't fare a whole lot better. But this must be something
people out there do?

Today, we're dumping query logs from BIND into Splunk, but with
some servers trying to send logs for a few thousand queries
per second, we've had some problems. Looking ahead, we're planning
to do some server consolidation which will only up the qps on each
server even more. Dnstap seems like a possible solution.

I was hoping a Splunk module or add-on existed to eat dnstap
data directly, but that first search put a damper on that. Guess
we need to deploy middleware?