02-22-2016 10:39 AM
This dashboard shows the first discovery event for each IP in the specified timeframe.
<form>
  <label>IPAM Discovered Device History</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>source=ib:discovery:ipaddr_activity index=ib_discovery
            | where (IPADDR_MASK % 4) > 0
            | sort 0 _time
            | lookup ipaddr_mask_lookup IPADDR_MASK output IPADDR_TYPE as Type
            | rename IPADDR as IP DISCOVERED_MAC_DUID as "Last MAC/DUID" DISCOVERED_NAME as "Device Name" DEVICE_TYPE as "Device Type" SHOWN_INTERFACE as "Port / Interface" NETWORK_VIEW as "Network View"
            | table _time IP "Last MAC/DUID" Type "Device Name" "Device Type" "Port / Interface" "Network View"
            | dedup IP</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>
01-19-2017 10:24 AM
It is possible with the Splunk cidrmatch function, but I don't think there is a pre-existing lookup table which you could use with the function to see if the IP falls within the CIDR. I believe you'd need to create a lookup table containing all of your networks, then group by the network.
See this Splunk article for more details.
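Added example, not part of the reply above and not Infoblox's own search: one way to group first-discovery events by network with a networks lookup table. It assumes you have created a lookup definition, here given the hypothetical name example_network_cidr_lookup, over a CSV with the hypothetical columns network (a CIDR such as 10.0.0.0/24) and network_name, and that the definition's match type is set to CIDR(network). That is Splunk's CIDR lookup matching rather than a cidrmatch() call in eval.

```spl
source=ib:discovery:ipaddr_activity index=ib_discovery
| where (IPADDR_MASK % 4) > 0
| sort 0 _time
| dedup IPADDR
| lookup example_network_cidr_lookup network AS IPADDR OUTPUT network_name AS Network
| fillnull value="unmatched" Network
| stats dc(IPADDR) AS "Discovered IPs" min(_time) AS first_seen BY Network
| convert ctime(first_seen)
| rename first_seen AS "First Discovery"
```

IPs that fall outside every listed network are counted under "unmatched", which is a quick way to spot discovered devices on address space missing from the lookup table.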
03-22-2017 02:51 PM
There is an "out of the box" report which uses Network Insight data that can produce the switch port info against a view like this. It's the "End Host History" dashboard found in NIOS 8.0 or later.