https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/570415#M101092 <P>The only problem with this way is DHCP log file size on DC.</P><P>I am also trying with Splunk Stream app, but it is complicated to fulfil the use case,</P><P>MAC - IP - Hostname&nbsp;</P><P>Details from the logs, with stream we get all the data from DORA process and I believe DHCPREQUEST and DHCPACK is where I should get the details.</P><P>&nbsp;</P><P>But not able to figure out the fields, m<SPAN>ostly I should received the desired values on this fields but not always this is true.</SPAN></P><P><SPAN>chaddr</SPAN><BR /><SPAN>yiaddr</SPAN><BR /><SPAN>client_fqdn</SPAN><BR /><BR />Has anyone successfully configured stream for DHCP logs and have getting the logs required for asset inventory (MAC-IP-Hostname)?</P><P>&nbsp;</P> Mon, 11 Oct 2021 06:30:15 GMT PratikPashte 2021-10-11T06:30:15Z https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568034#M100831 <P>Hello,</P><P>I am trying to get Windows DHCP logs to Splunk and trying to use below way to get the same, but wanted to look if there is any better way to ingest the DHCP logs to Splunk.</P><P>Using Deployment server to get the logs with inputs.conf file,</P><DIV><DIV><SPAN>[monitor://C:\Windows\System32\dhcp]</SPAN></DIV><DIV><SPAN>sourcetype</SPAN> <SPAN>=</SPAN><SPAN> dhcp</SPAN></DIV><DIV><SPAN>crcSalt</SPAN> <SPAN>=</SPAN><SPAN> &lt;SOURCE&gt;</SPAN></DIV><DIV><SPAN>alwaysOpenFile</SPAN> <SPAN>=</SPAN> <SPAN>1</SPAN></DIV><DIV><SPAN>disabled</SPAN> <SPAN>=</SPAN><SPAN> false</SPAN></DIV><DIV><SPAN>index</SPAN> <SPAN>=</SPAN><SPAN> dhcplogs</SPAN></DIV><DIV><SPAN>whitelist</SPAN> <SPAN>=</SPAN><SPAN> Dhcp.+\.log</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>And then to install below app at search heads to parse the logs,</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN><A href="https://splunkbase.splunk.com/app/4359/#/details" target="_blank" rel="noopener">https://splunkbase.splunk.com/app/4359/#/details</A></SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>I haven't completed the setup prior to that was getting some advise if this the best way to go ahead or any other way we have to ingest it better.</SPAN></DIV><DIV>&nbsp;</DIV><DIV>If this the best way is there anything i need to be aware prior to the setup, Thanks in advanced.</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Regards,</DIV><DIV>Pratik Pashte</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV></DIV><P>&nbsp;</P> Wed, 22 Sep 2021 13:09:17 GMT https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568034#M100831 PratikPashte 2021-09-22T13:09:17Z https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568090#M100837 <P>Install the Splunk UF on the hosts and also push this add-on to all the UF's and install it on your SH as well which makes your job easy in field extractions.</P> Wed, 22 Sep 2021 16:18:00 GMT https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568090#M100837 Roy_9 2021-09-22T16:18:00Z https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568192#M100846 <P>Which means I am on the right track, Thanks Roy.</P><P>But would also like to understand is there any other way as well to pull the DHCP logs to Splunk?</P><P>&nbsp;</P> Thu, 23 Sep 2021 05:29:31 GMT https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568192#M100846 PratikPashte 2021-09-23T05:29:31Z https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568193#M100847 I think that this is the easiest and best way to do it with splunk. Other ways are more complicated than this. Thu, 23 Sep 2021 05:55:35 GMT https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/568193#M100847 isoutamo 2021-09-23T05:55:35Z https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/570415#M101092 <P>The only problem with this way is DHCP log file size on DC.</P><P>I am also trying with Splunk Stream app, but it is complicated to fulfil the use case,</P><P>MAC - IP - Hostname&nbsp;</P><P>Details from the logs, with stream we get all the data from DORA process and I believe DHCPREQUEST and DHCPACK is where I should get the details.</P><P>&nbsp;</P><P>But not able to figure out the fields, m<SPAN>ostly I should received the desired values on this fields but not always this is true.</SPAN></P><P><SPAN>chaddr</SPAN><BR /><SPAN>yiaddr</SPAN><BR /><SPAN>client_fqdn</SPAN><BR /><BR />Has anyone successfully configured stream for DHCP logs and have getting the logs required for asset inventory (MAC-IP-Hostname)?</P><P>&nbsp;</P> Mon, 11 Oct 2021 06:30:15 GMT https://community.splunk.com/t5/Getting-Data-In/Best-way-to-get-Windows-DHCP-logs-to-Splunk/m-p/570415#M101092 PratikPashte 2021-10-11T06:30:15Z