I am trying to get a rough idea of the number of iphones, ipads, and androids connecting to our internal network. I am using dhcp logs which contains the hostnames. Luckily a lot of folks leave the works iphone, ipad, and android in the hostname of their devices.
Here are my dhcp logs:
Nov 4 15:17:08 10.11.1.16 dhcpd[16141]: DHCPACK on 10.101.39.209 to a4:67:06:ca:42:e3 (Walkers-iPad) via eth1 relay 10.101.39.193 lease-duration 432000 (RENEW)
host = abcgydcpdhcp01 source = /var/log/remote_logs/abcgydcpdhcp01/daemon_20151104.log sourcetype = dhcpd
Nov 4 15:17:08 10.0.0.48 dhcpd[28107]: DHCPREQUEST for 10.101.39.209 from a4:67:06:ca:42:e3 (Walkers-iPad) via 10.101.39.193 (RENEW)
host = codendcpdhcp01 source = /var/log/remote_logs/codendcpdhcp01/daemon_20151104.log sourcetype = dhcpd
Here is the search I am using:
index=network sourcetype=dhcpd hostname=*iphone* OR hostname=*android* OR hostname=*ipad*
The search returns many results and I would like to present this data in a way that shows a unique count of iphones, ipads, and androids by hostname.
Any help would be much appreciated!
↧