Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific



Discovered Device History Dashboard

Posts: 97
6422     2



This dashboard shows the first discovery event for each IP in the specified timeframe.


  <label>IPAM Discovered Device History</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
          <query>source=ib:discovery:ipaddr_activity index=ib_discovery  | where (IPADDR_MASK % 4) &gt; 0 | sort 0 _time |lookup ipaddr_mask_lookup IPADDR_MASK output IPADDR_TYPE as Type | rename IPADDR as IP DISCOVERED_MAC_DUID as "Last MAC/DUID" DISCOVERED_NAME as "Device Name" DEVICE_TYPE as "Device Type" SHOWN_INTERFACE as "Port / Interface" NETWORK_VIEW as "Network View"  | table _time IP "Last MAC/DUID" Type "Device Name" "Device Type" "Port / Interface" "Network View" |dedup IP</query>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>

Re: Discovered Device History Dashboard

Posts: 1
6423     2



Is there any way to change this dahsboard to report on networks or subnets in lieu of hosts? 



Re: Discovered Device History Dashboard

Posts: 97
6423     2

It is possible with the Splunk cidrmatch function, but I don't think there is a pre-existing lookup table which you could use with the function to see if the IP falls within the CIDR. I believe you'd need to create a lookup table containing all of your networks, then group by the network.



See this splunk article for more details.



Re: Discovered Device History Dashboard

Posts: 7
6423     2

What needs to be enabled to display the missing Port / Interface data in this report?

Re: Discovered Device History Dashboard

Posts: 97
6423     2


There is an "out of the box" report which uses Network Insight data that can produce the switch port info against a view like this. It's the "End Host History" dashboard found in NIOS 8.0 or later.

Showing results for 
Search instead for 
Do you mean 

Recommended for You