Application: getdevicetype

getdevicetype

Author: araitz	Date Added:	Sep 11, 2007	Flag as Miscategorized Mistyped Inappropriate
Downloads:83	Last Updated:	Sep 11, 2007
Type: Search Commands	License:	Creative Commons
Type: Search Commands	Price:	Free

Version: 1.0

Free Download View Contents

Description

This search command will parse a csv file exported by network or systems device management software and match the hostnames/ip addresses in the file to host field values in you Splunk search, returning the new field devicetype for every match.

The csv location is specified at the top of the script, and if you wish you can also alter the field matching to something other than "host" by changing the field variable in the script. The csv must be in the format "device_name,device_type".

Thus, you can type:

login | getdevicetype | where devicetype="cisco6500"

to get only logins on cisco6500 devices

or

login | getdevicetype

to get devicetype to display as a field below each event and be filterable and clickable like host and hosttag.

or

login | getdevicetype | top devicetype

to get a report of number of events by devicetype.

(No detailed description for this addon)

Rating

(1 vote)

http://www.splunkbase.com/-dkt4xu

Categories

Types

Application: getdevicetype

getdevicetype

Categories:

Description

Rating

Preview Application: