Hi All,

I'm extremely new to Splunk and have been tasked to do the following: perform a query against one host (Server123) to retrieve MAC addresses, then perform a query on a second host (Server456) using the MAC addresses from the first query. I know all the MAC addresses from query 1 will not be found, but for the MAC addresses that are found, the MAC address (which field name is different), the User Name, Network Device Name, and the IP Address would be put into a table and used as a report.

I run the query and get the following error:

ERROR in 'stats' command: The argument 'Calling_Station_ID=(Mac addr.)

When I run the 1st query by itself I see that the MAC addr. in the error is the 1st MAC addr. in the 1st row.

Code:

index=* host="Server456"
| stats count by Calling_Station_ID, User_Name, DeviceName, IP
    [ search index=* host="Server123" "no free leases"
    | eval MAC address=suibstr(_raw,52,18)
    | stats count by MAC address
    | eval MAC address=replace (MAC address," : ", " - ")
    | fields MAC address
    | return Calling_Station_ID=MAC address MAC Address $Mac_address }
| table Calling_Station_ID, User_Name, DeviceName, IP |

Results: I'm looking for the query to use the MAC from the 1st query to search the 2nd query and, if there's a match, return the MAC (under the Calling_Station_ID field), the User_Name, DeviceName and IP.
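One way to lay out the two-stage lookup described above, as an added example that is not part of the original post: the subsearch sits in the base search, so its list of MACs filters the Server456 events before `stats` runs. It assumes that `substr(_raw,52,18)` really does isolate the MAC in the Server123 events, that the two hosts differ only in the separator (colon versus hyphen), and that `Calling_Station_ID`, `User_Name`, `DeviceName` and `IP` are already extracted fields on Server456.

```spl
index=* host="Server456"
    [ search index=* host="Server123" "no free leases"
      | eval Calling_Station_ID=trim(replace(substr(_raw,52,18), ":", "-"))
      | dedup Calling_Station_ID
      | fields Calling_Station_ID ]
| stats count by Calling_Station_ID, User_Name, DeviceName, IP
| table Calling_Station_ID, User_Name, DeviceName, IP
```

Because the subsearch returns a single field named `Calling_Station_ID`, Splunk expands it into an OR list of `Calling_Station_ID="..."` terms. Subsearches are subject to the result-count and runtime limits in limits.conf, so a very long MAC list can be truncated.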