For parameters check out the dashboard "Infoblox Knowledgeitems" containing lists of the objects, structs and fields available for each object.
In the "Infoblox Lookup" dashboard there is a multiselect field correctly filled with all possible and valid fields for each object selected in the dropdown.
In /local you have to place an infobloxws.conf with the username, password and the FQDN of the server. Sorry, the password is cleartext for now :-/ but I strongly suggest using a fairly low-permission user in Infoblox anyway, as the usage is intended for lookups.
Sample searches to get you started:
|infobloxws api="zone_auth" max_results=100 return_fields="address,comment,dns_fqdn,fqdn,network_view,ns_group,parent,prefix,primary_type,view,zone_format"
|infobloxws api="network" max_results=10 return_fields="ipv4addr,comment,netmask,network,network_container,ddns_domainname"
|infobloxws api="zone_forward" max_results=10 return_fields="address,comment,dns_fqdn,fqdn,view,zone_format,parent,display_domain"
|infobloxws api="range" max_results=10 return_fields="name,comment,network,bootserver,bootfile,failover_association,ddns_domainname"
To do:
* encrypt password
* setup page for setting up the .conf
* build lookup tables to enrich src_ip etc. automatically with a cached lookup table generated in the morning or maybe several times a day
Anyway, feel free to contact me, but bear in mind I have little clue on Infoblox in general and our setup might not be the cleanest.
Version 0.2
Now supports passing selected_fields list and max_records.
Features improved forms to help you see legal combinations of parameters.
Version 0.1
Works but is clumsy from an SPL perspective. The implementation is straightforward. Place the conf file under /local and set your details.
It is just a wrapper around the WAPI. See https://community.infoblox.com/resource/getting-started-infoblox-web-api-wapi#WAPIoverview for details.
Usage is as follows:
api=[search|network|...]
When using the search API, the Infoblox API expects parameters. There is a peculiarity in that Infoblox allows for search~=: i.e. equals to, regex etc. If you are not sure, just use searchkey="search~"
Example:
| infobloxws api=search searchkey="search_string~" searchvalue="sometext" objtype="network"
Find details for your version on https://yourInfoBloxServer/wapidoc/
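How search arguments like the ones above could map onto a WAPI GET request, with the searchkey checked so it carries only a field name and one modifier. This is an added example, not the app's own code. The host name, the WAPI version in the path, the helper name build_wapi_url and the mapping of max_results/return_fields onto WAPI's _max_results/_return_fields options are assumptions, and only the exact, ":" and "~" modifiers are handled.

```python
import re
from urllib.parse import quote

# Placeholders, not from the app: host name and WAPI version.
WAPI_BASE = "https://infoblox.example.com/wapi/v2.7"

OBJECT_RE = re.compile(r"^[a-z][a-z0-9_]*(:[a-z0-9_]+)?$")   # e.g. network, record:a
FIELD_RE = re.compile(r"^[a-z][a-z0-9_]*$")
# Field name plus optional modifier: none = exact, ":" = case-insensitive, "~" = regex.
SEARCHKEY_RE = re.compile(r"^[a-z][a-z0-9_]*[:~]?$")


def build_wapi_url(api, searchkey=None, searchvalue="", objtype=None,
                   max_results=None, return_fields=None):
    """Map infobloxws-style arguments onto a WAPI GET URL (hypothetical helper)."""
    if not OBJECT_RE.match(api):
        raise ValueError(f"invalid api/object: {api!r}")
    params = []
    if searchkey is not None:
        # The key is validated so it can carry only a field name and a modifier,
        # never an extra "=" or "&" that would add parameters to the request.
        if not SEARCHKEY_RE.match(searchkey):
            raise ValueError(f"invalid searchkey: {searchkey!r}")
        params.append(f"{searchkey}={quote(str(searchvalue), safe='')}")
    if objtype is not None:
        if not OBJECT_RE.match(objtype):
            raise ValueError(f"invalid objtype: {objtype!r}")
        params.append(f"objtype={objtype}")
    if max_results is not None:
        params.append(f"_max_results={int(max_results)}")
    if return_fields:
        fields = [f.strip() for f in return_fields.split(",")]
        bad = [f for f in fields if not FIELD_RE.match(f)]
        if bad:
            raise ValueError(f"invalid return_fields: {bad!r}")
        params.append("_return_fields=" + ",".join(fields))
    url = f"{WAPI_BASE}/{api}"
    return url + "?" + "&".join(params) if params else url


if __name__ == "__main__":
    # The search example from the text: regex match on "sometext" in networks.
    print(build_wapi_url("search", searchkey="search_string~",
                         searchvalue="sometext", objtype="network"))
    print(build_wapi_url("network", max_results=10,
                         return_fields="ipv4addr,comment,netmask"))
```

The modifiers your appliance accepts for each field are listed in its /wapidoc/ pages; widen SEARCHKEY_RE only to what is documented there.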
Hope this helps some who use infoblox.
The app also includes a form for interactively using the search.
Feel free to contact me with input/suggestions. This version works but is mainly intended for gathering input.