Solved: Splunk ES 3.0 Asset Support for ipv6

aelliott · ‎03-19-2014

Does Splunk ES Support IPV6?
I've seen some posts that others have had issues with ipv6 assets within the asset lookup tables.
With the release of ES 3.0, is this supported as of yet?

jcoates_splunk · ‎03-19-2014

Hi,

IPv6 is only partially supported in ES. The addresses can be string-matched, so you can extract them and search for individual assets; however, you cannot do subnet-based searching. Furthermore, there is a bug in ES 3.0's asset and identity correlation system that prevents IPv6 asset addresses from being merged. This will be fixed in the next maintenance release.

View solution in original post

jcoates_splunk · ‎03-19-2014

Hi,

IPv6 is only partially supported in ES. The addresses can be string-matched, so you can extract them and search for individual assets; however, you cannot do subnet-based searching. Furthermore, there is a bug in ES 3.0's asset and identity correlation system that prevents IPv6 asset addresses from being merged. This will be fixed in the next maintenance release.

lakshman239 · ‎12-08-2016

Hello Jcoats - has this been fixed in the ES 4.5? Pls advise.

paolos · ‎03-08-2024

Doesn't work on 7.3 . Big problem managing ipv6 networks . Year 2024
https://docs.splunk.com/Documentation/ES/7.3.0/Admin/Configurenewassetoridentitylist

Splunk ES 3.0 Asset Support for ipv6

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life