I am trying to build a query so that anytime someone needs to find the host of a DHCP IP at a specific time (since they change often), it is possible to track them. However, this query has become quite difficult and I am seeking help from you Splunxperts out there. There are summaries (such as Assign, Renew, Release, Nack, Conflict) and I am looking for the best way to go about this. Below is some sample data. I envision when someone needs to find a host, they type the IP into this query (or dashboard) and it brings the host up for them.
FirstOccurance=1413379981.000
LastOccurance=1413379981.000
date_hour=13
date_mday=15
date_minute=33
date_month=october
date_second=1
date_wday=wednesday
date_year=2014
date_zone=0
dest=BIGRICHIE90.splunk.com
dest_ip=123.45.67.890
dest_mac=AA:BB:CC:11:22:DD
dns=BIGRICHIE90.splunk.com
dvc_host=zzzaprot01
dvc_ip=123.45.68.9
endTime=1413379981.000
eventtype=external-referer
visitor-type-referred
host=SPLSQL01
index=network_dhcp
ip=123.45.67.890
key=AA:BB:CC:11:22:DD
leaseeventitemid=10409011
mac=AA:BB:CC:11:22:DD
nt_host=BIGRICHIE90.splunk.com
sourcetype=netw_DHCP (end network session start)
startTime=1413379981.000
summary=Assign
time=1413379981.000
timeendpos=45
timestartpos=31
_time=2014-10-15T09:33:01.000-04:00
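The lookup the post describes (which host held a DHCP IP at a given time), as an added Python example that is not part of the original post and is not SPL. It uses the post's field names (`time`, `dest_ip`, `dest_mac`, `nt_host`, `summary`). Assumptions: `Assign` and `Renew` mean the address is held, any other summary ends the hold, the lease length is unknown so matches older than a hypothetical `max_age` are rejected, and the events are constructed and flattened to one line each.

```python
# Added example: resolve which host held a DHCP IP at a given epoch time.
# Assumption: Assign/Renew mean the IP is held; Release, Nack and Conflict do not.
HOLDING = {"Assign", "Renew"}

# Constructed sample events (one per line), using the post's field names.
SAMPLE = """\
time=1413379981.000 dest_ip=192.0.2.10 dest_mac=AA:BB:CC:11:22:DD nt_host=host-a.example.test summary=Assign
time=1413383581.000 dest_ip=192.0.2.10 dest_mac=AA:BB:CC:11:22:DD nt_host=host-a.example.test summary=Renew
time=1413390000.000 dest_ip=192.0.2.10 dest_mac=AA:BB:CC:11:22:DD nt_host=host-a.example.test summary=Release
time=1413390100.000 dest_ip=192.0.2.10 dest_mac=AA:BB:CC:33:44:EE nt_host=host-b.example.test summary=Assign
"""


def parse_events(text):
    """Turn whitespace-separated key=value lines into a list of dicts."""
    return [
        dict(pair.split("=", 1) for pair in line.split())
        for line in text.splitlines()
        if line.strip()
    ]


def host_at(events, ip, when, max_age=86400.0):
    """Return (nt_host, dest_mac, event_time) for the holder of ip at `when`.

    Returns None when the latest event at or before `when` is not a holding
    event, or when it is older than max_age seconds (hypothetical bound,
    because the lease length is not present in the events).
    """
    history = [
        e for e in events
        if e.get("dest_ip") == ip and float(e["time"]) <= when
    ]
    if not history:
        return None  # no lease activity for this IP before the requested time
    last = max(history, key=lambda e: float(e["time"]))
    seen = float(last["time"])
    if last["summary"] not in HOLDING:
        return None  # released, refused or in conflict at that time
    if when - seen > max_age:
        return None  # too stale to attribute without a newer Renew
    return last["nt_host"], last["dest_mac"], seen


if __name__ == "__main__":
    print(host_at(parse_events(SAMPLE), "192.0.2.10", 1413385000))
```

The same IP resolves to different hosts, or to none, depending on the time asked about, which is why the time bound matters as much as the IP when attributing activity.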