
Discovered Device History Dashboard

Adviser
Posts: 118
5656     2


This dashboard shows the first discovery event for each IP in the specified timeframe.

 

<form>
  <label>IPAM Discovered Device History</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>source=ib:discovery:ipaddr_activity index=ib_discovery  | where (IPADDR_MASK % 4) &gt; 0 | sort 0 _time |lookup ipaddr_mask_lookup IPADDR_MASK output IPADDR_TYPE as Type | rename IPADDR as IP DISCOVERED_MAC_DUID as "Last MAC/DUID" DISCOVERED_NAME as "Device Name" DEVICE_TYPE as "Device Type" SHOWN_INTERFACE as "Port / Interface" NETWORK_VIEW as "Network View"  | table _time IP "Last MAC/DUID" Type "Device Name" "Device Type" "Port / Interface" "Network View" |dedup IP</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

Re: Discovered Device History Dashboard

JVillarrealjm
Techie
Posts: 1
5657     2

Hi,

 

Is there any way to change this dashboard to report on networks or subnets in lieu of hosts?

 

Thanks!

Re: Discovered Device History Dashboard

Adviser
Posts: 118
5657     2

It is possible with the Splunk cidrmatch function, but I don't think there is a pre-existing lookup table which you could use with the function to see if the IP falls within the CIDR. I believe you'd need to create a lookup table containing all of your networks, then group by the network.

 

 

See this Splunk article for more details.

 

https://answers.splunk.com/answers/54880/group-ip-addresses-in-cidr-format.html
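An added example, not part of the original thread or of the Infoblox reporting app: one way to apply the lookup-table approach suggested in the reply above, using Splunk's CIDR match type on the lookup rather than calling cidrmatch directly. It assumes a hypothetical CSV lookup definition named `network_cidr_lookup` with the columns `network` (a CIDR such as `10.20.0.0/24`) and `network_label`, configured with the match type `CIDR(network)`. The base search and field names are taken from the dashboard above; in a plain search `>` is typed directly rather than as `&gt;`.

```spl
source=ib:discovery:ipaddr_activity index=ib_discovery
| where (IPADDR_MASK % 4) > 0
| lookup network_cidr_lookup network AS IPADDR OUTPUT network_label AS Network
| fillnull value="(not in lookup)" Network
| stats min(_time) AS first_seen max(_time) AS last_seen dc(IPADDR) AS "Discovered IPs" BY Network NETWORK_VIEW
| convert ctime(first_seen) ctime(last_seen)
| rename first_seen AS "First Discovery" last_seen AS "Latest Discovery" NETWORK_VIEW AS "Network View"
| sort 0 Network
```

Rows labelled `(not in lookup)` are discovered addresses that fall outside every network listed in the lookup, which makes them a useful check on the completeness of the network inventory.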

 

 

Re: Discovered Device History Dashboard

jimbo-5
Techie
Posts: 8
5657     2

What needs to be enabled to display the missing Port / Interface data in this report?

Re: Discovered Device History Dashboard

Adviser
Posts: 118
5657     2

 

There is an "out of the box" report which uses Network Insight data that can produce the switch port info against a view like this. It's the "End Host History" dashboard found in NIOS 8.0 or later.
