Infoblox Reporting. IPAM Discovered Device History by Network

 This is a custom version of this dashboard. I’ve added networks filter. The query for the filter is not an optimal in terms of performance but anyway will work good for small IPAM databases.

Discovered devices w Networks Filter

<form>
  <label>pvm IPAM Discovered Device History</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
    <input type="multiselect" token="networks" searchWhenChanged="true">
      <search>
        <query>index=ib_ipam sourcetype="ib:ipam:network" cidr<32 IPV4 | streamstats dc(_time) as distinct_times | head (distinct_times == 1) | dedup NETWORK</query>
      </search>
      <fieldForLabel>NETWORK</fieldForLabel>
      <fieldForValue>NETWORK</fieldForValue>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <valuePrefix>cidrmatch("</valuePrefix>
      <valueSuffix>",IPADDR)</valueSuffix>
      <delimiter>OR</delimiter>
      <choice value="0.0.0.0/0">All</choice>
      <default>0.0.0.0/0</default>
      <initialValue>0.0.0.0/0</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>source=ib:discovery:ipaddr_activity index=ib_discovery | dedup IPADDR | where (IPADDR_MASK % 4) > 0 and $networks$ | sort 0 _time |lookup ipaddr_mask_lookup IPADDR_MASK output IPADDR_TYPE as Type | rename IPADDR as IP DISCOVERED_MAC_DUID as "Last MAC/DUID" DISCOVERED_NAME as "Device Name" DEVICE_TYPE as "Device Type" SHOWN_INTERFACE as "Port / Interface" NETWORK_VIEW as "Network View"  | table _time IP "Last MAC/DUID" Type "Device Name" "Device Type" "Port / Interface" "Network View"</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

 

The same report just form MAC addresses only.  You need to change the table’s search string to:

source=ib:discovery:ipaddr_activity index=ib_discovery 
| where  (IPADDR_MASK % 4) > 0 and $networks$ | sort 0 _time 
| dedup DISCOVERED_MAC_DUID 
| lookup ipaddr_mask_lookup IPADDR_MASK output IPADDR_TYPE as Type
| rename IPADDR as IP DISCOVERED_MAC_DUID as "Last MAC/DUID" DISCOVERED_NAME as "Device Name" DEVICE_TYPE as "Device Type" SHOWN_INTERFACE as "Port / Interface" NETWORK_VIEW as "Network View"  | table _time "Last MAC/DUID" Type "Device Name" "Device Type" "Port / Interface" "Network View"

 

Discovered devices w Networks Filter_MAC

Vadim

Этот сайт использует Akismet для борьбы со спамом. Узнайте как обрабатываются ваши данные комментариев.