DNS Query Monitoring Metrics
DNS Query Monitoring
uberAgent collects detailed information about DNS queries: the request, all responses, and the process from which the query originated.
Details
- Source type:
uberAgentESA:Process:DnsQuery - Used in dashboards: Process DNS
- Enabled through configuration setting:
DnsMonitoring - Related configuration settings: n/a
- Supported platform: all
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Example |
|---|---|---|---|---|
| ProcName | Process name. | String | svchost.exe | |
| ProcGUID | Process GUID. | String | 4b3e3686-7854-4d98-0023-1e0e617bf2e4 | |
| DnsRequest | DNS query name. | String | www.example.com | |
| DnsResponse | DNS query response. | String | 10.1.3.12 | |
| DnsResponseType | DNS query response type (e.g.: A, AAAA, CNAME). | String | A | |
| DnsEventCount | Number of requests in the last interval. | Number | 1 |
The fields DnsRequest, DnsResponse, and DnsResponseType may contain multiple values, separated by a semicolon ;.
List of Calculated Fields
| Field | Description | Data type | Unit | Example | Where available |
|---|---|---|---|---|---|
| TimestampMs | _time * 1000. |
Number | ms | 1585913547467 | Splunk data model |