You can create a logging endpoint that stores all DNS queries in your network.
Note:
- You can only assign one logging endpoint per site.
- You can assign a logging endpoint to multiple sites.
- You can create multiple logging endpoints, but only one can be assigned per site. This means you can assign different logging endpoints to different sites.
- Choose whether you are using HTTP or HTTPS.
- In the top navigation bar, click and select Logging Endpoints.
- Click .
- Complete the following:
- Name: The unique name for the logging endpoint.
- Optional: Description: A description for the logging endpoint.
- Internal Network Address: The full URL of the local logging endpoint including the protocol and host. For example, https://http-inputs-<customer>.splunkcloud.com/services/collector/raw.
- Optional: Headers: The HTTP headers for authenticating the request. For example, -H "X-Splunk-Request-Channel: FE0ECFAD-13D5-401B-847D-77833BD77131"
- Optional: Client Certificate: The self-signed certificate for the host address. You can generate it using OpenSSL or your own internal tool. Generating the self-signed certificate produces two parts: the client certificate and the server certificate. You must upload the client certificate to the logging endpoint and the server certificate to the server. If you have a load balancer, you must upload the server certificate to the load balancer.
- Click Save.
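Before saving, the values for the fields above can be sanity-checked offline. The following is an added example, not part of the product or its documentation: the function names `parse_headers` and `check_endpoint` are hypothetical, and the host `logs.example.internal` is a constructed sample. It checks that the address carries a protocol and host, parses the `-H "Name: value"` header form shown above, and flags what an HTTP (rather than HTTPS) endpoint would expose on the wire.

```python
import shlex
from urllib.parse import urlsplit


def parse_headers(spec):
    """Parse curl-style '-H "Name: value"' text into a dict of headers."""
    tokens = shlex.split(spec)  # raises ValueError on unbalanced quotes
    headers = {}
    # Pair each flag with the token after it; a trailing lone flag pairs with "".
    for flag, item in zip(tokens[::2], tokens[1::2] + [""]):
        name, sep, value = item.partition(":")
        if flag != "-H" or not sep or not name.strip() or not value.strip():
            raise ValueError(f"malformed header entry: {flag} {item!r}")
        headers[name.strip()] = value.strip()
    return headers


def check_endpoint(url, header_spec="", has_client_cert=False):
    """Return a list of findings for one logging endpoint definition."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        findings.append("address must start with http:// or https://")
    if not parts.hostname:
        findings.append("address has no host")
    if parts.username or parts.password:
        findings.append("credentials embedded in the URL; use a header instead")
    try:
        headers = parse_headers(header_spec)
    except ValueError as exc:
        findings.append(str(exc))
        headers = {}
    if parts.scheme == "http":
        findings.append("DNS query logs travel unencrypted over http")
        if headers:
            findings.append("headers are sent in cleartext over http: "
                            + ", ".join(sorted(headers)))
        if has_client_cert:
            findings.append("a client certificate is only used on https connections")
    return findings


if __name__ == "__main__":
    # Constructed sample host; the header string is the example from the page.
    hdr = '-H "X-Splunk-Request-Channel: FE0ECFAD-13D5-401B-847D-77833BD77131"'
    for address in ("https://logs.example.internal/services/collector/raw",
                    "http://logs.example.internal:8088/services/collector/raw"):
        print(address, check_endpoint(address, hdr, has_client_cert=True))
```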