Hi team!

Couldn't find any info about it....but how make a proper search string to see what MAC address was on flapping port if port is down now

Time	Event
6/8/21
10:19:25.000 AM	
Jun  8 10:19:25 192.168.200.55 2011: Jun  8 10:20:53.436: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/8/21
10:19:24.000 AM	
Jun  8 10:19:24 192.168.200.55 2010: Jun  8 10:20:52.429: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:20.000 PM	
Jun  7 19:46:20 192.168.200.55 2008: Jun  7 19:47:47.892: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:20.000 PM	
Jun  7 19:46:20 192.168.200.55 2007: Jun  7 19:47:46.892: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:17.000 PM	
Jun  7 19:46:17 192.168.200.55 2004: Jun  7 19:47:43.858: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:15.000 PM	
Jun  7 19:46:15 192.168.200.55 2003: Jun  7 19:47:42.862: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:13.000 PM	
Jun  7 19:46:13 192.168.200.55 2001: Jun  7 19:47:41.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:13.000 PM	
Jun  7 19:46:13 192.168.200.55 2000: Jun  7 19:47:40.408: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:10.000 PM	
Jun  7 19:46:10 192.168.200.55 1997: Jun  7 19:47:37.458: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
7:46:09.000 PM	
Jun  7 19:46:09 192.168.200.55 1996: Jun  7 19:47:36.452: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to down
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
4:46:12.000 PM	
Jun  7 16:46:12 192.168.200.55 1994: Jun  7 16:47:40.209: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios
6/7/21
4:46:12.000 PM	
Jun  7 16:46:12 192.168.200.55 1993: Jun  7 16:47:39.206: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/31, changed state to up
host = 192.168.200.55source = udp:514sourcetype = cisco:ios