There are several ways to retrieve this information manually.
- ipconfig /displaydns
Win32_DnsCachefrom WMI repo (use Kansa to collect and stack this data)
📘 BTFM
Stacking, purely manually (no grouping):
Get-ChildItem -Filter "*-DNSCache.csv" | ForEach-Object { Import-Csv $_.FullName } | Export-Csv -Path "DNSCacheStack.csv" -NoTypeInformation
Stacking, purely manual, with grouping (basically, the same results as with Get-LogparserStack.ps1 but the case is ignored):
$csvFiles = Get-ChildItem -Path ".\*DNSCache.csv"
$result = @()
foreach ($csvFile in $csvFiles) {
$data = Import-Csv -Path $csvFile.FullName
$result += $data
}
$groupedData = $result | Group-Object -Property Name | Select-Object Count, Name, @{Name="PC"; Expression={$_.Group.'PSComputerName'}} # the column contains spaces but the script will see no spaces, so, it's not a typo
$groupedData | Export-Csv -Path "result2.csv" -NoTypeInformation
Stacking, Kansa script:
.\Get-LogparserStack.ps1 -FilePattern *DNSCache.csv -Delimiter "," -Direction asc -OutFile DNSCache-stack.csv
You can now use 🛠️ Timeline Explorer or another tool to analyse the data.