Apologies for the title, I couldn't come up with anything that made sense. Some background information before I explain what I am trying to do.
We have multiple indexes in our Splunk instance; each index represents a log source. For example, we have an index for proxy logs (source IP, dest IP, URL requested, etc.) and another index for DHCP logs (MAC address, hostname, lease time, etc.).
Now what I am trying to accomplish is, with a single search, to be able to see all the proxy logs for a specific laptop over a number of days. The issue I have is that every day when the laptop comes in it receives a new IP, so at the moment I have to manually find from the DHCP logs what IP it had for that day and then run my proxy search for that day with the specific IP.
Is there a way to do this in a single search in Splunk by providing just a hostname, or is this something I will need to script using the Python/Splunk API?
Any help would be appreciated.
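The manual lookup described in the question (hostname to per-day IP, then proxy events for that IP) is a time-bounded join. The sketch below is an added example, not part of the original post: it runs that join in Python over constructed records, and the field names (`hostname`, `ip`, `lease_s`, `src_ip`, `url`) are assumptions rather than the poster's actual schema.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not the poster's schema.
DHCP = [
    {"time": "2024-03-04T08:02:00", "hostname": "LAPTOP-42", "ip": "10.1.5.20", "lease_s": 28800},
    {"time": "2024-03-05T08:10:00", "hostname": "LAPTOP-42", "ip": "10.1.7.91", "lease_s": 28800},
    {"time": "2024-03-05T08:30:00", "hostname": "LAPTOP-77", "ip": "10.1.5.20", "lease_s": 28800},
]
PROXY = [
    {"time": "2024-03-04T09:15:00", "src_ip": "10.1.5.20", "url": "http://a.example/"},
    {"time": "2024-03-05T09:00:00", "src_ip": "10.1.5.20", "url": "http://b.example/"},  # IP now held by LAPTOP-77
    {"time": "2024-03-05T11:45:00", "src_ip": "10.1.7.91", "url": "http://c.example/"},
    {"time": "2024-03-05T20:00:00", "src_ip": "10.1.7.91", "url": "http://d.example/"},  # after lease expiry
]

def lease_windows(dhcp, hostname):
    """Return (ip, start, end) windows during which `hostname` held each IP."""
    events = sorted(dhcp, key=lambda e: e["time"])  # ISO timestamps sort lexically
    host = hostname.lower()
    windows = []
    for i, ev in enumerate(events):
        if ev["hostname"].lower() != host:
            continue
        start = datetime.fromisoformat(ev["time"])
        end = start + timedelta(seconds=ev["lease_s"])
        # Cut the window short if the same IP is handed to another host first.
        for later in events[i + 1:]:
            if later["ip"] == ev["ip"] and later["hostname"].lower() != host:
                end = min(end, datetime.fromisoformat(later["time"]))
                break
        windows.append((ev["ip"], start, end))
    return windows

def proxy_for_host(proxy, dhcp, hostname):
    """Return proxy events whose source IP was leased to `hostname` at event time."""
    windows = lease_windows(dhcp, hostname)
    hits = []
    for ev in proxy:
        t = datetime.fromisoformat(ev["time"])
        if any(ip == ev["src_ip"] and start <= t < end for ip, start, end in windows):
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in proxy_for_host(PROXY, DHCP, "laptop-42"):
        print(ev["time"], ev["src_ip"], ev["url"])
```

Matching on the lease window rather than on the IP alone keeps traffic from another machine that later receives the same address out of the result.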