Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to check a table for multiple mac addresses with the same IP

jhick
Observer
‎05-10-2021 07:39 PM

Currently my splunk search to get a list of macs of the security cameras with their respective IP is 

index = dhcp 00:04:7d 10.101.240.* |table dest_mac, dest_ip |dedup dest_ip | dedup dest_mac

How would I get it to check for  multiple mac addresses with the same IP. This will indicate that the IP is not fixed.

Thank you!

Labels (4)
Labels
Tags (4)
0 Karma
Reply

abowesman
Explorer
‎05-10-2021 09:55 PM

Try

 

| stats values(dest_mac) as MacAddresses by dest_ip

 

0 Karma
Reply
Get Updates on the Splunk Community!

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

What’s New in Splunk Enterprise 9.4: Tools for Digital ResilienceTune in to What’s New in Splunk Enterprise ...

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...