I have 2 logs being imported into Splunk Cloud - Proxy logs that contain ip address, url, etc (all successfully extracted) DHCP logs that contain username & ip address What's the best way to tie the 2 together so I can assign a username to the proxy logs? Does a nightly report work best? Proxy Fields: Time, IP Address, URL, Category DHCP Log: Username, IP Address, Time IP assigned (client usually keeps same IP address the entire time, so I'd be searching on who had the IP address assigned last - this could be 2 hours ago or 1 month ago since this log only updates if their IP address changes, not if the ip address is renewed) ... View more