Hi, I have followed the instructions like so:
[[inputs.dns_query]]
servers = ["8.8.8.8"]
network = "udp"
domains = ["sec-api.foxac236.net"]
port = 53
include_fields = ["first_ip"]
But I get no first_ip as output (same happens with all_ips):
I query all the fields for dns_query and I get nothing:
SELECT * FROM dns_query WHERE server = '8.8.8.8' AND domain = 'sec-api.foxac236.net' AND host = '95135e7' AND time > now() - 1h
My telegraf is 1.26.2 and based on dns_query and feature added, my code should be working. Can anyone help please?
first_ip produces a field called ip (e.g. fields["ip"] = ip) with the first IP
all_ips produce fields called ip_# (e.g. fields["ip_"+strconv.Itoa(i)] = ip) with each IP from each record.
Try running with --test and provide the results.
Thank you for answering, here is the result:
^Ctelegraf@SCZ-Harm-02:/$ telegraf --config /etc/telegraf/telegraf.conf --test | grep sec
2023-05-05T00:51:03Z I! Loading config: /etc/telegraf/telegraf.conf
> dns_query,domain=sec-api.foxac236.net,host=SCZ-Harm-02,rcode=NOERROR,record_type=NS,result=success,server=8.8.8.8 query_time_ms=109.369736,rcode_value=0i,result_code=0i 1683247864000000000
No IP provided 
record_type=NS
It only appears to extract the IP for A and AAAA records
Thanks, I will add record_type = "A" to my dns_query and see the results.
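The behaviour discussed in this thread, as an added example that is not code from any poster or from the Telegraf source: a simplified model of how first_ip and all_ips fill fields only from A and AAAA answers, so an NS query yields no ip field. The Record type, BuildFields, the sample records and the use of the answer position as the ip_# index are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// Record is a hypothetical, simplified stand-in for one DNS answer record.
type Record struct {
	Type  string // "A", "AAAA", "NS", "CNAME", ...
	Value string // address for A/AAAA, target name otherwise
}

// extractIP returns an address only for A and AAAA records.
func extractIP(r Record) (string, bool) {
	if r.Type == "A" || r.Type == "AAAA" {
		return r.Value, true
	}
	return "", false
}

// BuildFields models the first_ip / all_ips options described in the thread.
// Assumption: the ip_# suffix is the record's position in the answer section.
func BuildFields(answer []Record, include map[string]bool) map[string]interface{} {
	fields := map[string]interface{}{}
	if include["first_ip"] {
		for _, r := range answer {
			if ip, ok := extractIP(r); ok {
				fields["ip"] = ip // first address found, then stop
				break
			}
		}
	}
	if include["all_ips"] {
		for i, r := range answer {
			if ip, ok := extractIP(r); ok {
				fields["ip_"+strconv.Itoa(i)] = ip
			}
		}
	}
	return fields
}

func main() {
	// Constructed answers for placeholder names and documentation addresses.
	ns := []Record{{"NS", "ns1.example.net."}, {"NS", "ns2.example.net."}}
	a := []Record{{"CNAME", "edge.example.net."}, {"A", "192.0.2.10"}, {"A", "192.0.2.11"}}
	both := map[string]bool{"first_ip": true, "all_ips": true}
	fmt.Println("NS answer:", BuildFields(ns, both)) // no ip fields at all
	fmt.Println("A answer: ", BuildFields(a, both))
}
```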