Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GodOfDistroyer
New Contributor

Created on ‎07-30-2025 04:43 AM Edited on ‎07-30-2025 04:48 AM

convertHostNameToIp function is not working, shows validation failed

Hi Team,

     While I am trying to make a custom parser for Windows/any other device type while using the convertHostNameToIp function with setEventAttribute, validation shows failed.

Full function is below:

<setEventAttribute attr="srcIpAddr">convertHostNameToIp($_saddr)</setEventAttribute>


Below is my custom parser for testing. 

image.png

 

While testing with other functions like 

resolveDNSName


All other functions are working fine except convertHostNameToIp. Please give me any suggestions for this issue.

Below is my custom parser.

Validation failed: convertHostNameToIp
<eventFormatRecognizer>TMSSQLSERVER</eventFormatRecognizer>
<parsingInstructions>
<collectAndSetAttrByKeyValuePair sep=" " src="$_rawmsg">
<attrKeyMap attr="hostName" key="Host: "/>
</collectAndSetAttrByKeyValuePair>
<setEventAttribute attr="srcIpAddr">convertHostNameToIp($hostName)</setEventAttribute>
</parsingInstructions>

Validation is passed: resolveDNSName
<eventFormatRecognizer>TMSSQLSERVER</eventFormatRecognizer>
<parsingInstructions>
<collectAndSetAttrByKeyValuePair sep=" " src="$_rawmsg">
<attrKeyMap attr="hostName" key="Host: "/>
</collectAndSetAttrByKeyValuePair>
<setEventAttribute attr="destIpAddr">resolveDNSName($hostName)</setEventAttribute>
</parsingInstructions>

@AEK, @Toshi_Esumi, @ozkanaltas

 

 

Labels:
150
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎07-30-2025 07:03 AM

Hello

It seems this function is deprecated and should use resolveDNSName instead.

https://docs.fortinet.com/index.php/document/fortisiem/7.3.4/user-guide/962586

Hope it helps.

AEK

View solution in original post

AEK
124
0 Kudos
2 REPLIES 2
AEK
SuperUser
SuperUser

Created on ‎07-30-2025 07:03 AM

Hello

It seems this function is deprecated and should use resolveDNSName instead.

https://docs.fortinet.com/index.php/document/fortisiem/7.3.4/user-guide/962586

Hope it helps.

AEK
AEK
125
0 Kudos
GodOfDistroyer
New Contributor

Created on ‎07-30-2025 09:18 AM

Thank you for sharing the solution. Your support is much appreciated

113
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.