08-31-2018 05:16 AM
Hi all, I am not sure if anyone can help with this as it is a basic question I suspect. However, I am completely new to using SPLUNK and any code in fact, but have been tasked with trying to find the last used date of all IPs in our system, Infoblox. Our aim is to remove all IPs not used in xx days.
I would really like some pointers on where to start, how to create a new simple report and not a dashboard. The standard "IP Address Inventory" report is not giving me the last used date.
Is anyone able to help with this? I would be very grateful.
09-17-2018 05:35 PM
What IP's are you trying to remove ? Let me put this to you in this way :
Your Infoblox server(s) have a network 10.10.10.0/24 currently serving DHCP & you have created 10 Fixed addresses or DHCP Hosts with a MAC binding. Your organization now wants you to verify the last time these IP addresses were used, so that you could decide whether those Fixed addresses/Hosts need to exist or not ?
If that is the case, i guess the easiest way would be to track the last DHCPACK messages on those IP addresses. Would that satisfy your requirement ?
I'm hijacking this post since i need exactly what you described malman. We need to find unused fixed/host DHCP-adresses and remove them.