02-06-2018 09:42 AM - edited 02-07-2018 06:19 AM
Is there a way to show records in a search of the switch_port_capacity source that have the same port_last_changed_at value?
Background: A coworker and I are trying to use a search to determine the percentage of switch ports that have been utilized since [search date]. We've gotten it to show all interfaces in a range of switches that have had their status changed (down/up) since [search date], meaning that the port has been used at some point between [search date] and now.
source=ib:discovery:switch_port_capacity index=ib_discovery device_ip_address=10.x.x.0/21 port_last_changed_at>="2017-02-06 00:00:00" interface_type=ethernet-csmacd interface_name!="Gi1/1/*" interface_name!="Te*" is_trunk_port=no | fillnull value="N/A" | dedup network_view, device_ip_address, interface_name
(Note, I'm omitting field renames and the table structure for brevity.)
However, in some cases, there are groups of ports that are down and were last changed at the same exact time [changed date], possibly due to the switch reloading or power cycling. There's no way of knowing whether those ports were actually used between [changed date] and [search date], so this skews our numbers.
What I'd like to do is to create a second report, adding interface_port_status=down and showing duplicates of the port_last_changed_at field. This way, in my writeup, I can specify that it is unknown whether x amount of ports have been used since [search date].
Any insight would be appreciated!
02-06-2018 09:53 AM
Check out the Device Interface Inventory Dashboard as a starting point. Incidentally, which report were you using in your original post? Or was this custom built?
02-07-2018 06:14 AM - edited 02-07-2018 06:20 AM
Dave, thanks for the pointer on that Dashboard, but it doesn't seem as though I'll be able to customize it as fully/easily as the search I'm trying to use, which is based off Device Interface Inventory and modified. (I've renamed this thread accordingly.)
We had to change the dedup function to allow CIDR or wildcard searching of a range of switches; by default, for example, an interface named FastEthernet0/1 would show up on multiple switches and get deduplicated, resulting in missing data. I also cleaned up the table to remove columns I don't care about, put in the start date, is_trunk=no, and specified interfaces not G1/1/* or Te* since those are uplinks and I'm only concerned about access ports.