I am trying to build a query so that anytime someone needs to find the host of a DHCP IP at a specific time (since they change often), it is possible to track them. However, this query has become quite difficult and I am seeking help from you Splunxperts out there. There are summaries (such as Assign, Renew, Release, Nack, Conflict) and I am looking for the best way to go about this. Below is some sample data. I envision when someone needs to find a host, they type the IP into this query (or dashboard) and it brings the host up for them.
sourcetype=netw_DHCP (end network session start)
... View more