Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Substitution/Mapping table of user to IP address for report?

tjharris
New Member
‎04-12-2018 05:10 PM

I have a few web application reports and they are great, except the log data only has the user's IP address, which I want to map to user names. I have good mapping data from my DHCP. But, I've been unable to find how I can use a data table to map the user name in for the IP address in my output table.

I'm using splunkcloud. Any pointers on how this can be done?

Tags (1)
0 Karma
Reply

Tim_1
Path Finder
‎04-16-2018 07:52 AM

You could use your DHCP as a static lookup, then join within the query using 'lookup' or 'inputlookup' command.
http://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/lookup

0 Karma
Reply

p_gurav
Champion
‎04-12-2018 10:40 PM

Can you provide some sample events from DHCP and user data?

0 Karma
Reply

tjharris
New Member
‎04-15-2018 12:38 AM

The DHCP data is not emitted into Splunk. It's just a static map of IP->User. I have it as an external CSV file, which I can import into Splunk if needed. My goal is then to use that mapping table of IP:User to swap out IP address for user names in my report table.

0 Karma
Reply

p_gurav
Champion
‎04-15-2018 09:22 PM

You can try uploading csv file as lookup and then map it with your report. This may help:
http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/SearchTutorial/Usefieldlookups

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...