I am using DBConnect to query a SQL database for AirWatch. The IP address and MAC address fields are in binary. I have converted to Decimal using the query and the data is in Splunk, but I am stuck there. I need a way of getting the MAC and IP in proper dotted notations. Query: > SELECT > CONVERT(int, iface.[MAC], 0) AS dest_mac_decimal , > iface.[MAC] AS dest_mac_binary , > CONVERT(int, iface.[IPAddress], 0) AS > dest_ip_decimal , > iface.[IPAddress] AS dest_ip_binary , > iface.[Name] AS dest_int_name , > iface.[Description] AS dest_int_desc , > iface.[IsWLAN] AS dest_int_wlan , > dev.* > FROM "AirWatch"."dbo"."Device" AS dev > LEFT OUTER JOIN [AirWatch].[dbo].[DeviceInterface] AS > iface > ON dev.DeviceID = iface.DeviceID The data is searchable and here is my search: >sourcetype=airwatch:inventory dest_ip_decimal=* dest_mac_decimal=* Result: > 2018-11-19 > 12:00:00.076 dest_mac_decimal="931904946" dest_ip_decimal="168559919" > 2018-11-19 > 12:00:00.076 dest_mac_decimal="884467629" dest_ip_decimal="168559915" > 2018-11-19 > 12:00:00.074 dest_mac_decimal="1214041724" dest_ip_decimal="168559694" > 2018-11-19 > 12:00:00.070 dest_mac_decimal="-1477460740" dest_ip_decimal="168559657" > 2018-11-19 > 12:00:00.070 dest_mac_decimal="-396175749" dest_ip_decimal="168559881" Notice some mac are somehow converted to a negative number. THANKS!!! ... View more

I have green checks on everything except page lookups. I have tried dissecting the WA_pages lookup generation and found that http_request does not exist. Strangely, I get non-pageviews but no pageviews. So Analytics center works, audience works, Acquisition works, Behavior and Traffic are where it starts to break. I have an eventype=pageview. Is there something else I can try to get the http_request field? ... View more