Hi, i want to list out all the hostname in my tipwire log. but my hostname field are as below: Hostname 10.10.10.10 : Host A 192.0.0.0 : Host B My hostname and ip are mixed and in the same field. How do i split the hostname, IP and list out all the hostname only. Please assist me on this. Thank you ... View more

I have asset management data that i need to create weekly reports. When i make query for the data like query below: index=a sourcetype=b stats values(ip_addr) as ip by hostname Result: hostname        ip Host A            1) 10.0.0.0                           2) 10.10.10.1                           3) 10.0.0.2 Host B            1) 192.1.1.1                           2) 172.1.1.1 i wanted the result not include the numbering in front of the ip address. Please assist on this. Thank you. ... View more

We have a set of data which populate host and ip Eg. Host                  IP                            count ESDBAS         10.10.10.10              1 ASFDB             192.0.0.0                   1 Query: index=a  sourcetype=b | stats values(ip) as IP count by host i need the result which any hostname that contain DB should come out on another field eg: Host                  IP                            count      Environment ESDBAS         10.10.10.10              1                      DB ASFDB             192.0.0.0                   1                      DB Please assist me on this     ... View more

  Hi,  I have created table with host and grouped IP address the host will have public and private IP address So my table look like this Host             IP                      id Host A        10.1.1.1         21                       172.1.1.1        i have ip range to identify the public ip. i need to create another field which if the range is match mean the result will be yes if not no i have used this query for the field  | eval "internet facing"=case(cidrmatch(172.1.1.0/24" , IP) , "Yes" , 1=1, "No") but this eval only work on field which have 1 IP. in my group ip field, its not working. Please assist on this. Thank you ... View more

Hi, i have parsing issue on window DHCP log. Im using splunk add on for Window DHCP. The raw log are as below. 1030,05/16/23,15:24:03,0 DHCPV6 Stateless client records purged,,,,,,,,,, 25,05/16/23,15:24:03,0 leases expired and 0 leases deleted,,,,,0,6,,,,,,,,,0 25,05/16/23,15:24:03,0 leases expired and 0 leases deleted,,,,,0,6,,,,,,,,,0 24,05/16/23,15:24:03,Database Cleanup Begin,,,,,0,6,,,,,,,,,0 11030,05/16/23,14:24:03,0 DHCPV6 Stateless client records purged,,,,,,,,,, 25,05/16/23,14:24:03,0 leases expired and 0 leases deleted,,,,,0,6,,,,,,,,,0 25,05/16/23,14:24:03,0 leases expired and 0 leases deleted,,,,,0,6,,,,,,,,,0 it seems like doesn't have any information. Please assist for this issue. Thank You  ... View more