I'm very new to Splunk, so if this is an overly simple question, please bear with me.
I need to find the MAC addresses for each of our remote servers. Is there a search where I can give an IP address or a host name and get back the MAC address(es) related to it?
Thanks in advance!!
Thanks to both of you for the answers. I'm new to the IT world, so this is meant as a "learning task." Every bit of info helps.
Just got another bread crumb: I'll be correlating /var/logs to get my answers. Goal for tomorrow: figure out where our /var/logs live and how to get what I need out of them!
For the most part, you get out of Splunk what you put into it. That is, if you have a data source that is saving MAC addresses in a Splunk index then you should be able to search for a given host and get the associated MAC address. Without knowing more about your environment, it is difficult to give specifics.
Depending on your environment, you should be able to get the MAC/IP pairings from DHCP server logs. I say that it depends because you may not be using DHCP to statically assign IP addresses to servers. Another option would be to have Splunk forwarders on your servers that utilize a scripted input (ifconfig for nix or ipconfig for Windows).
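
The scripted-input option mentioned in the answer above, as an added example that is not part of the original thread: a POSIX shell script that turns `ifconfig` output into one key=value event per interface, so the MAC can later be searched by host or IP. The function names, the field names (`host`, `interface`, `mac`, `ip`), the host `web01` and the sample output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn ifconfig output into key=value events for a scripted input.
# Function and field names are assumptions, not taken from the thread.

# Parse ifconfig text on stdin; print one line per interface that has a MAC.
#   old layout: "eth1  Link encap:Ethernet  HWaddr <mac>" / "inet addr:<ip>"
#   new layout: "eth0: flags=..." / "inet <ip> netmask ..." / "ether <mac>"
parse_ifconfig() {
    awk -v host="$1" '
    function emit() {
        if (iface != "" && mac != "")
            printf "host=%s interface=%s mac=%s ip=%s\n", host, iface, tolower(mac), (ip == "" ? "none" : ip)
    }
    /^[^ \t]/ {   # an unindented line starts a new interface block
        emit(); iface = $1; sub(/:$/, "", iface); mac = ""; ip = ""
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i == "HWaddr" || $i == "ether") mac = $(i + 1)
            if ($i == "inet" && ip == "") {   # IPv4 only; inet6 lines are skipped
                ip = $(i + 1); sub(/^addr:/, "", ip)
            }
        }
    }
    END { emit() }'
}

# Constructed sample mixing both ifconfig layouts (not real host data).
sample_ifconfig() {
cat <<'EOF'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.5  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::216:3eff:feaa:bb01  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:aa:bb:01  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

eth1      Link encap:Ethernet  HWaddr 00:16:3E:AA:BB:02
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
EOF
}

# On a real server the last line would be: ifconfig -a | parse_ifconfig "$(hostname)"
sample_ifconfig | parse_ifconfig web01
```

Interfaces without a hardware address, such as loopback, produce no event, and MACs are lower-cased so the same card always yields the same search value.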