Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Mac address from IP or host

Celeste
Engager
‎02-13-2014 10:23 AM

I'm very new to Splunk, so if this is a over simple question please bear with me.

I need to find the mac addresses for each of our remote servers. Is there a search where I can give an IP address or a host name and get back the mac address(es) related to it?

Thanks in advance!!

Tags (3)
0 Karma
Reply

Celeste
Engager
‎02-13-2014 04:57 PM

Thanks to both of you for the answers. I'm new to the IT world, so this is meant as a "learning task." Every bit of info helps.

Just got another bread crumb: I'll be correlating /var/logs to get my answers. Goal for tomorrow: figure out where our /var/logs live and how to get what I need out of them!

Thanks again,
Celeste

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-13-2014 11:15 AM

For the most part, you get out of Splunk what you put into it. That is, if you have a data source that is saving MAC addresses in a Splunk index then you should be able to search for a given host and get the associated MAC address. Without knowing more about your environment, it is difficult to give specifics.

---
If this reply helps you, Karma would be appreciated.
Reply

sbrant_splunk
Splunk Employee
Splunk Employee
‎02-13-2014 11:24 AM

Depending on your environment, you should be able to get the MAC/IP pairings from DHCP server logs. I say that it depends because you may not be using DHCP to statically assign IP addresses to servers. Another option would be to have Splunk forwarders on your servers, that utilize a scripted input (ifconfig for nix or ipconfig for Windows).

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...