Anyone out there trying to dump dnstap data into Splunk in real-time or near-real-time?
I was frankly kind of surprised when I searched the Splunk docs site and got "No results. We did not find any pages on Splunk.com that matched dnstap." Googling didn't fare a whole lot better. But this must be something people out there do?

Today, we're dumping query logs from BIND into Splunk, but with some servers trying to send logs for a few thousand queries per second, we've had some problems. Looking ahead, we're planning to do some server consolidation which will only up the qps on each server even more. Dnstap seems like a possible solution. I was hoping a Splunk module or add-on existed to eat dnstap data directly, but that first search put a damper on that. Guess we need to deploy middleware?

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users