Skip to main content

IP address identification based on host name

  • Updated

You might need to identify an IP address based on a host name when doing the following:

Prerequisites 

In order to execute this procedure in your environment, the following data, services, or apps are required:

Example

A Windows desktop has been infected by ransomware, and you need to identify the IP address of the infected machine as part of your investigation.  

NOTE: To optimize the search shown below, you should specify an index and a time range. 

  1. Run the following search:
<hostname> 
  1. In the field sections on the left, find and click sourcetype.
  2. Click the value with the highest count to add it to the search. 
  3. In the field sections on the left, find and click src_ip.

Result

This search returns the IP address most likely associated with the host name of the infected machine. 

Related articles

Comments

0 comments

Please sign in to leave a comment.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.