@paulzharyuk

Can you please try following search?

index=dtna_network_ciscoprime ipAddress=$ipaddress$ 
| eval macAddress=replace(macAddress,"-",":") , macAddress=replace(macAddress,"\.",":") 
| eval txtmacAddress="$macaddress$",txtmacAddress=replace(txtmacAddress,"-",":") , txtmacAddress=replace(txtmacAddress,"\.",":") 
| where macAddress=txtmacAddress
| table ipAddress, macAddress, clientInterface, vendor, nt_host

My Sample Search:

| makeresults 
| eval macAddress="10:0:1:1" 
| append 
    [| makeresults 
    | eval macAddress="10.0.1.1" ] 
| append 
    [| makeresults 
    | eval macAddress="10-0-1-1" ] 
| eval macAddress=replace(macAddress,"-",":") , macAddress=replace(macAddress,"\.",":") 
| eval txtmacAddress="10.0.1.1",txtmacAddress=replace(txtmacAddress,"-",":") , txtmacAddress=replace(txtmacAddress,"\.",":") 
| where macAddress=txtmacAddress

Note: In sample search $macaddress$= 10.0.1.1

Thanks