Skip to content

Instantly share code, notes, and snippets.

@tfhartmann

tfhartmann/splunktalk_registtrationsbyos.md

Created September 25, 2013 14:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tfhartmann/6700222 to your computer and use it in GitHub Desktop.
Save tfhartmann/6700222 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
splunktalk_registtrationsbyos.md

The interesting part of this search is the lookup!

`autoreg_registrations` | lookup local=t mac2huid mac AS src_mac  | search NOT os=unknown | chart count by os

The autoreg_registrations macro expands to this:

autoreg_registrations
index=ns-os sourcetype=autoreg source="/var/log/autoreg/applog" eventtype="network-registration-success"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment