
Sourcetypes

The Infoblox App For Splunk provides the search-time knowledge for Infoblox data in the following formats:

| Sourcetype | Description |
| --- | --- |
| ib:dns:captures | This sourcetype will have data for DNS (Splunk CIM). |
| ib:audit:captures | This sourcetype will have data for audit (Splunk CIM). |
| ib:dhcp:captures | This sourcetype will have data for DHCP (Splunk CIM). |
| ib:rpz:captures | This sourcetype will have data for blocked DNS (Splunk CIM). |
| ib:service:captures | This sourcetype will have data for service (Splunk CIM). |
| ib:notifications:captures | This sourcetype will have data for SOC Insights (Splunk CIM). |
| infoblox:tide_host | This sourcetype will contain the host information (API). |
| infoblox:tide_ip | This sourcetype will contain the IP information (API). |
| infoblox:tide_url | This sourcetype will contain the URL information (API). |
| infoblox:tide_hash | This sourcetype will contain the hash information (API). |
| infoblox:tide_email | This sourcetype will contain the email information (API). |
| infoblox:soc_insights | This sourcetype will contain the SOC Insights details (API). |
