Reference: DNS Statistics event message example - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

The following section outlines an example event message that is sent from the DNS Statistics service to the configured Splunk server or HTTP endpoint, such as a data lake. You can configure the Splunk server or HTTP endpoint to retrieve specific information from the DNS statistics event message to monitor the health of your DNS environment.

Example event message
{
	"key": "be1051d9-1ce8-45f8-ac01-db08c495bea9",
	"payloadType": "dns-statistics",
	"schemaVersion": "1.0",
	"serverId": "new2",
	"sourceId": "421b1fd0-f877-c3b1-3a4c-9cdaefe5d513",
	"time": 1629818397376758955,
	"timePrecision": "ns",
	"data": {
		"boot-time": "2021-08-24T15:18:31.518Z",
		"config-time": "2021-08-24T15:18:31.542Z",
		"current-time": "2021-08-24T15:19:57.330Z",
		"json-stats-version": "1.5",
		"memory": {
			"BlockSize": 3407872,
			"ContextSize": 9626920,
			"InUse": 23600072,
			"Lost": 0,
			"Malloced": 35845384,
			"TotalUse": 28074255,
			"contexts": [{
				"blocksize": 1048576,
				"hiwater": 0,
				"id": "0x55cc017d5050",
				"inuse": 6197688,
				"lowater": 0,
				"malloced": 6538824,
				"maxinuse": 6613584,
				"maxmalloced": 6956560,
				"name": "main",
				"pools": 71,
				"references": 1373,
				"total": 7486129
			}]
		},
		"sockstats": {
			"RawActive": 1,
			"RawOpen": 1,
			"TCP4Accept": 2,
			"TCP4Active": 5,
			"TCP4Close": 1,
			"TCP4Open": 4,
			"TCP6Active": 3,
			"TCP6Open": 3,
			"UDP4Active": 6,
			"UDP4Open": 4,
			"UDP6Active": 9,
			"UDP6Open": 6
		},
		"taskmgr": {
			"default-quantum": 25,
			"tasks": [{
				"events": 0,
				"id": "0x7f84c1159010",
				"name": "server",
				"quantum": 25,
				"references": 17,
				"state": "idle"
			}],
			"tasks-count": 2528,
			"tasks-ready": 0,
			"tasks-running": 1,
			"thread-model": "threaded",
			"worker-threads": 2
		},
		"traffic": {
			"dns-tcp-requests-sizes-received-ipv4": {},
			"dns-tcp-requests-sizes-received-ipv6": {},
			"dns-tcp-responses-sizes-sent-ipv4": {},
			"dns-tcp-responses-sizes-sent-ipv6": {},
			"dns-udp-requests-sizes-received-ipv4": {
				"48-63": 4
			},
			"dns-udp-requests-sizes-received-ipv6": {},
			"dns-udp-responses-sizes-sent-ipv4": {
				"112-127": 4
			},
			"dns-udp-responses-sizes-sent-ipv6": {}
		},
		"version": "9.16.8",
		"views": {
			"_bind": {
				"resolver": {
					"adb": {
						"nentries": 1021,
						"nnames": 1021
					},
					"cache": {},
					"cachestats": {
						"CacheBuckets": 1048576,
						"CacheHits": 0,
						"CacheMisses": 0,
						"CacheNodes": 0,
						"DeleteLRU": 0,
						"DeleteTTL": 0,
						"HeapMemInUse": 6208,
						"HeapMemMax": 6208,
						"HeapMemTotal": 262144,
						"QueryHits": 0,
						"QueryMisses": 0,
						"TreeMemInUse": 8433272,
						"TreeMemMax": 8433400,
						"TreeMemTotal": 8692872
					},
					"qtypes": {},
					"stats": {
						"BucketSize": 64
					}
				},
				"zones": [{
					"class": "CH",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "authors.bind",
					"serial": 0,
					"type": "builtin"
				}, {
					"class": "CH",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "hostname.bind",
					"serial": 0,
					"type": "builtin"
				}, {
					"class": "CH",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "version.bind",
					"qtypes": {
						"TXT": 4
					},
					"rcodes": {
						"QryAuthAns": 4,
						"QrySuccess": 4,
						"QryUDP": 4
					},
					"serial": 0,
					"type": "builtin"
				}, {
					"class": "CH",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "id.server",
					"serial": 0,
					"type": "builtin"
				}]
			},
			"view": {
				"resolver": {
					"adb": {
						"nentries": 1021,
						"nnames": 1021
					},
					"cache": {},
					"cachestats": {
						"CacheBuckets": 1048576,
						"CacheHits": 0,
						"CacheMisses": 0,
						"CacheNodes": 0,
						"DeleteLRU": 0,
						"DeleteTTL": 0,
						"HeapMemInUse": 6208,
						"HeapMemMax": 6208,
						"HeapMemTotal": 262144,
						"QueryHits": 0,
						"QueryMisses": 0,
						"TreeMemInUse": 8433272,
						"TreeMemMax": 8433400,
						"TreeMemTotal": 8692872
					},
					"qtypes": {},
					"stats": {
						"BucketSize": 64
					}
				},
				"zones": [{
					"class": "IN",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "10.10.10.in-addr.arpa",
					"serial": 648814711,
					"type": "master"
				}, {
					"class": "IN",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "127.IN-ADDR.ARPA",
					"serial": 1,
					"type": "master"
				}, {
					"class": "IN",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
					"serial": 1,
					"type": "master"
				}, {
					"class": "IN",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "example.com",
					"serial": 648814711,
					"type": "master"
				}, {
					"class": "IN",
					"loaded": "2021-08-24T15:18:31Z",
					"name": "localhost",
					"serial": 1,
					"type": "master"
				}]
			}
		}
	}
}
Parameters
  • key—the unique event ID of the message.
  • payloadType—the event payload type. Currently, only the dns-statistics type is defined.
  • serverId—the ID of the DNS server.
  • sourceId—the system UUID of the DNS server.
  • time—the time that the response message was received or sent by the DNS server.
  • timePrecision—the measurement of the value in time. The measurement is in nanoseconds (ns).
  • data—the DNS statistics data available on the DNS server. This includes information about the memory usage of the DNS service, socket usage, DNS task statistics, traffic statistics, view statistics, and zone statistics.