Search

Page tree

Contents

This section contains information about fields that are included in the reports and dashboards. You can find the commonly extracted fields and their specifications such as data source and range, which can help you better define your dashboards and searches.

Splunk default fields

Splunk server adds the following default fields to each event in every index.

Field Name

Description

Values/Range

date_hour

Indicates the hour when an event occurred. To narrow your search for specific event timestamps, you can use the default datetime fields. Click here for more information on datetime fields.

Range: 0-23

date_mday

Indicates the day of the month when the event occurred.

Range: 1-31

date_minute

Indicates the exact minute when the event occurred.

Range: 0-59

date_month

Indicates the month during which an event occurred.


date_second

Indicates the second in which an event occurred.

Range: 0-59

date_wday

Indicates the day of the week in which an event occurred.

Example: Sunday, Monday, etc.

date_year

Indicates the year in which an event occurred.


date_zone

Indicates the time for the local timezone of an event, expressed as hours in Unix Time.


eventtype

Indicates events of the same type based on a given search. Click here for more information.

Example: splunkd-log

host

Contains information about the originating hostname or a network IP address that generates the event.

Example: reporting-1.com

index

Contains the name of the index with which a given event is indexed.

Example: ib_dns_summary

linecount

Contains information about the number of lines in an event before it is indexed.

Example: 1

punct

Contains information about the pattern of the first 30 punctuation characters in the first line of the event with which it is associated. It shows how an event looks when all letters, numbers, and spaces are removed and contains characters such as periods, colons, parentheses, quotes, question marks, dashes, and underscores. Click here for more information.



Example: -::.[]:__.../=



source

Contains the name of the file, stream, or other input details from which the event originates.

Example: si-search-dns-query-reply

sourcetype

Specifies the format of data input from which the event originates.

Stash

splunk_server

Contains the name of the Splunk server that comprises the event.

Example: reporting-2.com-2-slave

splunk_server_group

Contains the name of the Splunk server group.

String


Commonly Extracted Fields


Field Name

Description

Values/Range

EA

Specifies the extensible attribute.

String

HWTYPE

Specifies the hardware type.

Example: IB-4030

MAX_DB_OBJECTS

Specifies the maximum objects in the database for a host.

eg: 8000000

MAX_DHCP_LPS

Specifies the maximum number of DHCP leases per second for a host.

Example: 15.0

MAX_DNS_QPS

Specifies the maximum DNS queries per second for a host.

Example: 1000000.0

MEMBER_IP

Specifies the IP address of the member.

IP address

timeendpos

Specifies the byte at which the timestamp ends. These values are based on the TIME_FORMAT that is specified for a sourcetype.

Example: 26

timestartpos

Specifies the byte at which the timestamp starts.

Example: 0

Indexes and Extracted Data

Infoblox Audit Logs

Most of the fields in this index are extracted directly from the audit.log file. Some of them are mentioned in the following table:

Extracted Field NameDescription of the fieldValues/RangeSource of Data
ACTIONIndicates the action takenString. Example: CalledInfoblox audit logs
ADMINIndicates the name of the adminString. Example: rootInfoblox audit logs
EACommon Extracted Fields

EXEC_STATUSIndicates the execution statusString. Example: Pending ApprovalInfoblox audit logs
HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

MESSAGEIndicates the messageString. Example: to=Serial
040Console apparently_via=Direct auth=Local group=.admin-group
Infoblox audit logs
OBJECT_NAMEIndicates the object name

String. Example: RequestRestartServiceStatus

Infoblox audit logs
OBJECT_TYPEIndicates the object typeString. Example: Shared AAAA RecordInfoblox audit logs
TIMESTAMPIndicates the timestampTimestamp. Example: 2017-01-31 01:57:05Infoblox audit logs
actionIndicates the actionExample: update, insertInfoblox audit logs
address
Example: 10.0.0.0Infoblox audit logs
auth
Example: LocalInfoblox audit logs
cidr
Example: 8Infoblox audit logs
code
Example: createdInfoblox audit logs
comment
StringInfoblox audit logs
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

group
Example: admin-groupInfoblox audit logs
hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

member
Example: Member:infoblox.localdomainInfoblox audit logs
network_view
Example: defaultInfoblox audit logs
punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

user
Example: adminInfoblox audit logs

Infoblox DNS Query, DNS Performance, DDNS, and DNS Record Scavenging

Extracted Field NameDescription of the fieldValues/RangeSource of Data
CLIENTIndicates the DNS clientStringInfoblox DNS query

COUNT

Indicates the countInteger

Infoblox DNS query and DNS Record Scavenging

EACommon Extracted Fields

FQDNIndicates the FQDNStringInfoblox DNS query
HITSIndicates the DNS cache hits countIntegerInfoblox DNS query
HNAMEIndicates the HNAMEStringInfoblox DNS query
HWTYPECommon Extracted Fields

LATENCY

Indicates the latency countIntegerInfoblox DNS performance
MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBERSpecifies the memberStringDNS Record Scavenging
MEMBER_IPCommon Extracted fields

MISSESSpecifies DNS cache miss countIntegerInfoblox DNS query

QCOUNT

Specifies query countIntegerInfoblox DNS query
RESTRESTStringInfoblox DDNS
SOURCESOURCEStringInfoblox DDNS
SOURCEASOURCEAIP addressInfoblox DDNS
TLDSpecifies the top-level domain nameStringInfoblox DNS query
TYPERR TypeString. Example: nxdomain

Infoblox DNS query and DNS Record Scavenging

TYPEATYPEAString. Example: SuccessInfoblox DDNS
VIEW
StringInfoblox DNS query
ZONEIndicates the name of the zoneStringInfoblox DDNS
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

display_name

Specifies the name of the DNS viewString.
eventtypeSplunk Default field

failureSpecifies the DNS FAILURE query countInteger
hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

nxdomainSpecifies the DNS NXDOMAIN query countInteger
nxrrsetSpecifies the DNS NXRRSET query countInteger
otherSpecifies the DNS other query countInteger
punctSplunk Default field

referralSpecifies the DNS REFERRAL query countInteger
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

successSpecifies the DNS success query count

timeendposCommon Extracted Fields

timestartposCommon Extracted Fields

Infoblox DNS Query Capture

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

answer_countSpecifies the answer countIntegerInfoblox DNS query capture
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

display_nameSpecifies the DNS viewString
eventtypeSplunk Default field

flag_aaFlag AABoolean. Example: YInfoblox DNS query capture
flag_adFlag ADBoolean. Example: YInfoblox DNS query capture
flag_ednsFlag EDNSBoolean. Example: YInfoblox DNS query capture
flag_recursionFlag RecursionBoolean. Example: YInfoblox DNS query capture
hostSplunk Default field

host_classSpecifies the host classExample: INInfoblox DNS query capture
host_typeSpecifies the host typeExample: PTRInfoblox DNS query capture
indexSplunk Default field

linecountSplunk Default field

message_typeSpecifies the message typeExample: Query or ResponseInfoblox DNS query capture
nameSpecifies the nameHost name. Example: 1.0.0.127.in-addr.arpaInfoblox DNS query capture
querySpecifies the queryHost name. Example: 213.31.102.10.in-addr.arpaInfoblox DNS query capture
query_classSpecifies the query classExample: INInfoblox DNS query capture
query_countSpecifies the query countInteger. Example: 1Infoblox DNS query capture
query_sourceSpecifies the query sourceExample: I, EInfoblox DNS query capture
query_typeSpecifies the DNS query typeExample: PTRInfoblox DNS query capture
rdataRDATAString. This value depends on the query type.Infoblox DNS query capture
reply_codeSpecifies the reply codeString. Example: ServFail, NoErrorInfoblox DNS query capture
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

src_ipSpecifies the source IPIP AddressInfoblox DNS query capture
src_portSpecifies the source portIntegerInfoblox DNS query capture
time_msecSpecifies time in millisecondsIntegerInfoblox DNS query capture
timeendposCommon Extracted Fields

timestampIndicates the timestampIntegerInfoblox DNS query capture
timestartposCommon Extracted Fields

transportSpecifies the mode of transportExample: UDP, TCPInfoblox DNS query capture
ttlSpecifies the TTLInteger. Example: 3600Infoblox DNS query capture
viewSpecifies the viewExample: 1, 2Infoblox DNS query capture

Infoblox DHCP Performance

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

NETWORKSpecifies the network addressExample: 10.0.0.0/8
addressSpecifies the DHCP client addressIP addressInfoblox DHCP performance
address_totalSpecifies the total number of addressesIntegerInfoblox DHCP performance
cidrSpecifies the CIDRExample: 24Infoblox DHCP performance
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

dhcp_hostsSpecifies the DHCP hosts countIntegerInfoblox DHCP performance
dhcp_utilization
Specifies the DHCP utilizationIntegerInfoblox DHCP performance
dhcp_utilization_statusSpecifies the DHCP utilization statusStringInfoblox DHCP performance

dhcpv4ack

Specifies the DHCPv4 ACK message countIntegerInfoblox DHCP performance
dhcpv4decline
Specifies the DHCPv4 decline message countIntegerInfoblox DHCP performance
dhcpv4discover
Specifies the DHCPv4 discover message countIntegerInfoblox DHCP performance
dhcpv4inform
Specifies the DHCPv4 inform message countIntegerInfoblox DHCP performance
dhcpv4leaseactive
Specifies the DHCPv4 lease active message countIntegerInfoblox DHCP performance
dhcpv4leasequery
Specifies the DHCPv4 lease query message countIntegerInfoblox DHCP performance
dhcpv4leaseunassigned
Specifies the DHCPv4 lease unassigned message countIntegerInfoblox DHCP performance
dhcpv4leaseunknown
Specifies the DHCPv4 lease unknown message countIntegerInfoblox DHCP performance
dhcpv4nak
Specifies the DHCPv4 NAK message countIntegerInfoblox DHCP performance
dhcpv4offer
Specifies the DHCPv4 offer message countIntegerInfoblox DHCP performance
dhcpv4release
Specifies the DHCPv4 release message countIntegerInfoblox DHCP performance
dhcpv4request
Specifies the DHCPv4 request message countIntegerInfoblox DHCP performance
dhcpv6advertise
Specifies the DHCPv6 advertise message countIntegerInfoblox DHCP performance
dhcpv6confirm
Specifies the DHCPv6 confirm message countIntegerInfoblox DHCP performance
dhcpv6decline
Specifies the DHCPv6 decline message countIntegerInfoblox DHCP performance
dhcpv6information_request
Specifies the DHCPv6 information request message countIntegerInfoblox DHCP performance
dhcpv6leasequery
Specifies the DHCPv6 lease query message countIntegerInfoblox DHCP performance
dhcpv6leasequery_reply
Specifies the DHCPv6 lease query reply message countIntegerInfoblox DHCP performance
dhcpv6rebind
Specifies the DHCPv6 rebind message countIntegerInfoblox DHCP performance
dhcpv6reconfigure
Specifies the DHCPv6 reconfigure message countIntegerInfoblox DHCP performance
dhcpv6relay_forward
Specifies the DHCPv6 relay forward message countIntegerInfoblox DHCP performance
dhcpv6relay_reply
Specifies the DHCPv6 relay reply message countIntegerInfoblox DHCP performance
dhcpv6release
Specifies the DHCPv6 release message countIntegerInfoblox DHCP performance
dhcpv6renew
Specifies the DHCPv6 renew message countIntegerInfoblox DHCP performance
dhcpv6reply
Specifies the DHCPv6 reply message countIntegerInfoblox DHCP performance
dhcpv6request
Specifies the DHCPv6 request message countIntegerInfoblox DHCP performance
dhcpv6solicit
Specifies the DHCPv6 solicit message countIntegerInfoblox DHCP performance
display_nameSpecifies the DNS ViewString
dynamic_hosts
Specifies the dynamic hosts countIntegerInfoblox DHCP performance
end_addressSpecifies the end IP addressIP addressInfoblox DHCP performance
eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

membersSpecifies the DHCP memberExample: infoblox.localdomainInfoblox DHCP performance
ms_serversSpecifies the MS serversIP addressInfoblox DHCP performance
protocolSpecifies the DHCP protocolExample: IPV4
punctSplunk Default field

rangesSpecifies the DHCP ranges countIntegerInfoblox DHCP performance
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

start_addressSpecifies the start IP addressIP addressInfoblox DHCP performance
static_hosts
Specifies the static hosts countIntegerInfoblox DHCP performance
timeendposCommon Extracted Fields

timestampSpecifies the timestamp of the eventExample: 2017-02-04 03:45:53Infoblox DHCP performance
timestartposCommon Extracted Fields

View

Specifies the network viewExample: defaultInfoblox DHCP performance

Infoblox DHCP FingerPrint, DHCP Lease History

Extracted Field NameDescription of the fieldValues/RangeSource of Data
ACTIONSpecifies the actionString. Example: IssuedInfoblox DHCP lease history
CIDRSpecifies the CIDRIntegerInfoblox DHCP lease history
DEVICE_CLASSSpecifies the device classString. Example: Linux


EACommon Extracted Fields

END_EPOCHSpecifies the end epoch timeIntegerInfoblox DHCP lease history
FPSpecifies the name of the DHCP fingerprintString. Example: No MatchInfoblox DHCP lease history
FP_CIDRSpecifies the fingerprint CIDRInteger. Example: 8Infoblox DHCP lease history
FP_NWSpecifies the fingerprint networkNetwork address. Example: 10.0.0.0Infoblox DHCP lease history
FP_RANGESpecifies the fingerprint rangeNetwork range. Example: 10.0.0.1-10.0.0.200Infoblox DHCP lease history
FP_VIEWSpecifies the fingerprint viewString. Example: defaultInfoblox DHCP lease history
HWTYPECommon Extracted fields

LEASE_IPSpecifies the lease IP addressIP addressInfoblox DHCP lease history
MAC_DUIDSpecifies the MAC addressMAC addressInfoblox DHCP lease history
MAX_DB_OBJECTSCommon Extracted fields

MAX_DHCP_LPSCommon Extracted fields

MAX_DNS_QPSCommon Extracted fields

MEMBER_IPCommon Extracted fields

MS ServerSpecifies the MS serverIP AddressInfoblox DHCP lease history
NWSpecifies the networkNetwork address. Example: 10.0.0.0Infoblox DHCP lease history
OPTION12HOSTSpecifies the host name that is sent using DHCP Option 12String. Example: Fedora21Infoblox DHCP lease history
OS_NUMBERSpecifies the OS numberIntegerInfoblox DHCP lease history
PROTOSpecifies the protocolString. Example: dhcpdInfoblox DHCP lease history
SFPSFPString. Example: Ubuntu/Debian 5/Knoppix 6Infoblox DHCP fingerprint
START_EPOCHSpecifies the start epoch timeIntegerInfoblox DHCP lease history
VIEWSpecifies the view
Infoblox DHCP lease history
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

display_nameSpecifies the DNS viewString


eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon extracted fields

timestartposCommon extracted fields

Infoblox DDI Utilization

Extracted Field
Name
Description of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

address_allocSpecifies the address allocation countIntegerInfoblox DDI utilization
address_assignableSpecifies the address assignable countIntegerInfoblox DDI utilization
address_assignedSpecifies the address assigned countIntegerInfoblox DDI utilization
address_conflictsSpecifies the address conflicts count
Infoblox DDI utilization
address_reservedSpecifies the address reserved countIntegerInfoblox DDI utilization
address_totalSpecifies the total number of addressesIntegerInfoblox DDI utilization
address_unallocSpecifies the address unallocation countIntegerInfoblox DDI utilization
address_unmanagedSpecifies the address unmanaged countIntegerInfoblox DDI utilization
allocationAllocationIntegerInfoblox DDI utilization
cidrSpecifies the CIDRExample: 24Infoblox DDI utilization
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

discovered_nameSpecifies the discovered nameStringInfoblox DDI utilization
display_nameSpecifies the DNS viewString
eventtypeSplunk Default field

first_discovered_timestampSpecifies the first discovered timestampTimestampInfoblox DDI utilization
hostSplunk Default field

hostsSpecifies the address hosts countIntegerInfoblox DDI utilization
indexSplunk Default field

ip_addressSpecifies the IP addressIP AddressInfoblox DDI utilization
last_discovered_timestampSpecifies the last discovered timestamptimestampInfoblox DDI utilization
linecountSplunk Default field

managedIndicates if managed or notBooleanInfoblox DDI utilization
management_platformSpecifies the management platformStringInfoblox DDI utilization
membersSpecifies the DHCP membersExample: infoblox.localdomainInfoblox DDI utilization
ms_primarySpecifies the MS primaryStringInfoblox DDI utilization
port_vlan_nameSpecifies the VLAN port nameStringInfoblox DDI utilization
port_vlan_numberSpecifies the VLAN port numberIntegerInfoblox DDI utilization
network_viewSpecifies the network viewStringInfoblox DDI utilization
primaryPrimaryFQDNInfoblox DDI utilization
protocolSpecifies the DHCP protocolExample: IPV4Infoblox DDI utilization
punctSplunk Default field

rr_aSpecifies the resource record A countIntegerInfoblox DDI utilization
rr_aaaaSpecifies the resource record AAAA countIntegerInfoblox DDI utilization
rr_cnameSpecifies the resource record CNAME countIntegerInfoblox DDI utilization
rr_dhcidSpecifies the resource record DHCID countIntegerInfoblox DDI utilization
rr_dnameSpecifies the resource record DNAME countIntegerInfoblox DDI utilization
rr_dnskeySpecifies the resource record DNSKEY countIntegerInfoblox DDI utilization
rr_dsSpecifies the resource record DS countIntegerInfoblox DDI utilization
rr_lbdnSpecifies the resource record LBDN countIntegerInfoblox DDI utilization
rr_mxSpecifies the resource record MX countIntegerInfoblox DDI utilization
rr_naptrSpecifies the resource record NAPTR countIntegerInfoblox DDI utilization
rr_nsSpecifies the resource record NS countIntegerInfoblox DDI utilization
rr_nsecSpecifies the resource record NSEC countIntegerInfoblox DDI utilization
rr_nsec3Specifies the resource record NSEC3 countIntegerInfoblox DDI utilization
rr_nsec3paramSpecifies the resource record NSEC3PARAM countIntegerInfoblox DDI utilization
rr_otherSpecifies the resource record OTHER countIntegerInfoblox DDI utilization
rr_ptrSpecifies the resource record PTR countIntegerInfoblox DDI utilization
rr_rrsigSpecifies the resource record RRSIG countIntegerInfoblox DDI utilization
rr_soaSpecifies the resource record SOA countIntegerInfoblox DDI utilization
rr_srvSpecifies the resource record SRV countIntegerInfoblox DDI utilization
rr_tlsaSpecifies the resource record TLSA countIntegerInfoblox DDI utilization
rr_totalSpecifies the resource record TOTAL countIntegerInfoblox DDI utilization
rr_txtSpecifies the resource record TXT countIntegerInfoblox DDI utilization
signedIndicates whether signed or notBooleanInfoblox DDI utilization
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

TimestampSpecifies the timestamp of the eventExample: 2017-02-04 03:45:53Infoblox DDI utilization
timestartposCommon Extracted Fields

utilizationSpecifies the address utilization countIntegerInfoblox DDI utilization
viewSpecifies the network viewExample: defaultInfoblox DDI utilization
zone_formatSpecifies the zone formatString. Example: Forward-MappingInfoblox DDI utilization
zone_nameSpecifies the zone nameString. Example: member1.comInfoblox DDI utilization
zones_forwardSpecifies the zone forward countIntegerInfoblox DDI utilization
zones_ipv4Specifies the IPv4 count of the zoneIntegerInfoblox DDI utilization
zones_ipv6Specifies the IPv6 count of the zoneIntegerInfoblox DDI utilization
zones_signedSpecifies the signed count of the zoneIntegerInfoblox DDI utilization

Infoblox Discovered Devices Related Dashboards/Reports

Extracted Field NameDescription of the fieldValues/RangeSource of Data
ADM_DN_OP_DN_COUNTAdmin-Down/Operation-DownPort CountInteger

Infoblox discovered devices related
dashboards/reports

ADM_UP_OP_DN_COUNTAdmin-Up/Operation-UpPort CountInteger

Infoblox discovered devices related
dashboards/reports

ADM_UP_OP_UP_COUNTAdmin-Up/Operation-DownPort CountInteger

Infoblox discovered devices related
dashboards/reports

COMPONENT_NAMESpecifies the component nameString. Example: DELL-PC8024F

Infoblox discovered devices related
dashboards/reports

COMPONENT_TYPESpecifies the component typeString. Example: Switch-Router

Infoblox discovered devices related
dashboards/reports

COMPONENT_PORTSpecifies the component portString. Example: Gi1/0/24

Infoblox discovered devices related
dashboards/reports

DEVICE_MGMT_IPSpecifies the device management IP addressIP address

Infoblox discovered devices related
dashboards/reports

DEVICE_MODELSpecifies the device modelString. Example: EX2200

Infoblox discovered devices related
dashboards/reports

DEVICE_NAMESpecifies the device nameString. Example: Cisco_434f44

Infoblox discovered devices related
dashboards/reports

DEVICE_TYPESpecifies the device typeString. Example: Switch, Router

Infoblox discovered devices related
dashboards/reports

DEVICE_VENDORSpecifies the device vendorString. Example: Avaya

Infoblox discovered devices related
dashboards/reports

DISCOVERED_MAC_DUIDSpecifies the discovered MAC DUIDMAC address

Infoblox discovered devices related
dashboards/reports


DISCOVERED_NAME
Specifies the discoverd nameExample: dev_view1.yahoo.com

Infoblox discovered devices related
dashboards/reports

EACommon Extracted Fields

HWTYPECommon Extracted Fields

IN_USE_FLAGIn use flagInteger. Example: 1

Infoblox discovered devices related
dashboards/reports

IPADDRSpecifies the IP addressIP Address. Example: 11.11.11.11

Infoblox discovered devices related
dashboards/reports

IPADDR_MASKSpecifies the IP address maskInteger. Example: 128

Infoblox discovered devices related
dashboards/reports

MAC_DUIDSpecifies the MAC addressMAC address

Infoblox discovered devices related
dashboards/reports

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

NETWORK_VIEWSpecifies the network viewString. Example: default

Infoblox discovered devices related
dashboards/reports

NON_NULL_NAMESpecifies the non-null nameString. Example: DELL-PC8024F
NON_NULL_PORTSpecifies the non-null portString. Example: Gi1/0/24
TIMESTAMPSpecifies the timestampTimestamp. Example: 2017-02-15 15:56:27

Infoblox discovered devices related
dashboards/reports

TIMESTAMP_USER_HOST_

PROCESS_PID_INFO_PREFIX

Specifies the timestamp userhost process pid info prefixString. Example: 2017-02-15T11:02:53+00:00 user infoblox.localdomain
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e5d51f7e-f354-4235-870a-9e02f49b3d41"><ac:plain-text-body><![CDATA[python[]: info ipaddr-activity-rpt

Infoblox discovered devices related
dashboards/reports

TOTAL_AVAIL_COUNTSpecifies the total available countInteger

Infoblox discovered devices related
dashboards/reports

TypeSpecifies the typeString. Example: Discovery


ap_bss_macAccess Point BSS MACMAC addressInfoblox discovered devices related
dashboards/reports
ap_ip_dottedAccess Point IP dottedStringInfoblox discovered devices related
dashboards/reports
ap_macAccess Point MACMAC addressInfoblox discovered devices related
dashboards/reports
ap_nameAccess Point nameStringInfoblox discovered devices related
dashboards/reports
ap_associated_ssidAccess Point associated SSIDStringInfoblox discovered devices related
dashboards/reports
asset_typeSpecifies the asset typeString. Example: Physical DeviceInfoblox discovered devices related
dashboards/reports
classSpecifies the class nameString. Example: portInfoblox discovered devices related
dashboards/reports
component_nameSpecifies the component nameString. Example: GigabitEthernet1/0/1Infoblox discovered devices related
dashboards/reports
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

DescriptionSpecifies the descriptionString. Example: Gigabit Ethernet PortInfoblox discovered devices related
dashboards/reports
device_idSpecifies the device IDIntegerInfoblox discovered devices related
dashboards/reports
device_ip_addressSpecifies the device IP addressIP addressInfoblox discovered devices related
dashboards/reports
device_modelSpecifies the device modelString. Example: catalyst37xxStackInfoblox discovered devices related
dashboards/reports
device_nameSpecifies the device nameString. Example:DELL-PC8024FInfoblox discovered devices related
dashboards/reports
device_os_versionSpecifies the device OS versionString. Example: 4.14.6MInfoblox discovered devices related
dashboards/reports
device_typeSpecifies the device typeString. Example: SwitchInfoblox discovered devices related
dashboards/reports
device_vendorSpecifies the device vendorString. Example: CiscoInfoblox discovered devices related
dashboards/reports
device_versionSpecifies the device versionString. Example: 5.1.2.3Infoblox discovered devices related dashboards/reports
display_nameSpecifies the DNS viewStringInfoblox discovered devices related dashboards/reports
end_host_addl_infoSpecifies additional information about the end hostStringInfoblox discovered devices related dashboards/reports
end_host_device_modelSpecifies the device model of the end hostString. Example: catalyst37xxStackInfoblox discovered devices related dashboards/reports
end_host_device_typeSpecifies the device type of the end hostString. Example: Switch-RouterInfoblox discovered devices related dashboards/reports
end_host_device_vendorSpecifies the device vendor of the end hostString. Example: CiscoInfoblox discovered devices related dashboards/reports
end_host_first_discoveredSpecifies the first occasion when the end host was first discoveredIntegerInfoblox discovered devices related dashboards/reports
end_host_ip_addressSpecifies the IP address of the end hostIP addressInfoblox discovered devices related dashboards/reports
end_host_last_discoveredIndicates when was end host last discoveredIntegerInfoblox discovered devices related dashboards/reports
end_host_mac_addressSpecifies the MAC address of the end hostMAC addressInfoblox discovered devices related dashboards/reports
end_host_nameSpecifies the name of the end hostString. Example: WS-C3750X-24PInfoblox discovered devices related dashboards/reports
end_host_network_viewSpecifies the network view of the end hostString. Example: custom viewInfoblox discovered devices related dashboards/reports
end_host_os_versionSpecifies the version of the end host OSString. Example: 15.2(1)E2Infoblox discovered devices related dashboards/reports
eventtypeSplunk Default field

firmware_revIndicates firmware revisionString. Example: 15.2(1)E2Infoblox discovered devices related dashboards/reports
first_seenFirst seen timestampIntegerInfoblox discovered devices related dashboards/reports
hardware_revSpecifies revision of the hardwareString. Example: V05Infoblox discovered devices related dashboards/reports
hostSplunk Default field

indexSplunk Default field

interface_admin_statusSpecifies the interface admin statusString. Example: upInfoblox discovered devices related dashboards/reports
interface_descriptionSpecifies the interface interface descriptionStringInfoblox discovered devices related dashboards/reports
interface_ip_addressSpecifies the interface IP addressIP addressInfoblox discovered devices related dashboards/reports
interface_nameSpecifies the interface nameString. Example: Fa0Infoblox discovered devices related dashboards/reports
interface_port_statusSpecifies the interface port statusString. Example: upInfoblox discovered devices related dashboards/reports
interface_speedSpecifies the interface speedInteger. Example: 1000000000Infoblox discovered devices related dashboards/reports
interface_typeSpecifies the interface typeString. Example: tunnelInfoblox discovered devices related dashboards/reports
interface_vlanSpecifies the interface VLAN IDInteger Example: 16Infoblox discovered devices related dashboards/reports
interface_vlan_nameSpecifies the interface VLAN nameString. Example: VLAN1014Infoblox discovered devices related dashboards/reports
ip_addressSpecifies the IP addressIP addressInfoblox discovered devices related dashboards/reports
is_trunk_portSpecifies if it is a trunk port or notBooleanInfoblox discovered devices related dashboards/reports
last_seenSpecifies the last seen timestampIntegerInfoblox discovered devices related dashboards/reports
linecountSplunk Default field

modelSpecifies the model nameString. Example: DCS-7048T-AInfoblox discovered devices related dashboards/reports
network_viewSpecifies the network viewString. Example: custom viewInfoblox discovered devices related dashboards/reports
port_last_changed_atThe timestamp when the port was last changedTimestampInfoblox discovered devices related dashboards/reports
punctSplunk Default field

serial_numberSpecifies the serial numberString. Example: JPE12440180Infoblox discovered devices related dashboards/reports
software_revSpecifies the software revisionString. Example: 15.2(1)E2Infoblox discovered devices related dashboards/reports
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

switch_interfaceSpecifies the switch interfaceString. Example: Gi0/47Infoblox discovered devices related dashboards/reports
switch_ip_addressSpecifies the switch IP AddressIP AddressInfoblox discovered devices related dashboards/reports
switch_modelIndicates the switch modelString. Example: cat3560x48Infoblox discovered devices related dashboards/reports
switch_nameSpecifies the switch nameString. Example: ni-mri-sw4.inca.infoblox.comInfoblox discovered devices related dashboards/reports
switch_os_versionSpecifies the OS version of the switchString. Example: 12.2(53)SE2Infoblox discovered devices related dashboards/reports
switch_typeSpecifies the switch typeString. Example: SwitchInfoblox discovered devices related dashboards/reports
switch_vendorSpecifies the vendor of the switchString. Example: CiscoInfoblox discovered devices related dashboards/reports
switch_vlanSpecifies the switch VLANInteger. Example: 18Infoblox discovered devices related dashboards/reports
timeendposCommon Extracted Fields

timestampIndicates the timestampIntegerInfoblox discovered devices related dashboards/reports
timestamp_user_host_process_pid_info_prefixSpecifies the prefixStringInfoblox discovered devices related dashboards/reports
timestartposCommon Extracted Fields

user_idSpecifies the User ID
Infoblox discovered devices related dashboards/reports
ViewSpecifies the DNS viewStringInfoblox discovered devices related
dashboards/reports
virtual_indSpecifies the virtual indicatorInteger

Infoblox Threat Protection Related Dashboards/Reports

Extracted Field NameDescription of the fieldValues/RangeSource of Data
ACOUNTACOUNTInteger

Infoblox threat protection
related dashboards/reports

ACTIVE_COUNTSpecifies the active countInteger

Infoblox threat protection
related dashboards/reports

ALERT_IDSpecifies the alert IDInteger

Infoblox threat protection
related dashboards/reports

ALERT_TYPESpecifies the alert typeString

Infoblox threat protection
related dashboards/reports

BLOCK_ENDSpecifies the block end IP addressInteger

Infoblox threat protection
related dashboards/reports

BLOCK_STARTSpecifies the block start IP addressInteger

Infoblox threat protection
related dashboards/reports

CATEGORYSpecifies the categoryString. Example: OSPF

Infoblox threat protection
related dashboards/reports

CLIENTSpecifies the clientString

Infoblox threat protection
related dashboards/reports

COUNTSpecifies the countInteger

Infoblox threat protection
related dashboards/reports

DCOUNTSpecifies the DCOUNTInteger

Infoblox threat protection
related dashboards/reports

DNST_CATEGORYSpecifies the destination categoryString

Infoblox threat protection
related dashboards/reports

DOMAIN_NAMESpecifies the domain nameString

Infoblox threat protection
related dashboards/reports

EACommon Extracted Fields

FIREEYE_APPLIANCESpecifies the FireEye applianceString

Infoblox threat protection
related dashboards/reports

HWTYPECommon Extracted Fields

LOG_SEVERITYSpecifies log severityString

Infoblox threat protection
related dashboards/reports

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

MESSAGESpecifies the messageString. Example: DROP OSPF unexpected

Infoblox threat protection
related dashboards/reports

MITIGATION_ACTIONSpecifies the mitigation actionString

Infoblox threat protection
related dashboards/reports

NAT_STATUSSpecifies the NAT statusString

Infoblox threat protection
related dashboards/reports

RECORD_DATASpecifies the record dataString

Infoblox threat protection
related dashboards/reports

RPZ_QNAMESpecifies the RPZ QNAMEString

Infoblox threat protection
related dashboards/reports

RULE_DESCRIPTIONSpecifies the rule descriptionString. Example: This rule drops any unexpected OSPF packets when OSPF is disabled.


RULE_NAMESpecifies the rule nameString. Example: DROP OSPF unexpected


RULE_SIDSpecifies the rule SIDIntegerInfoblox threat protection
related dashboards/reports
SEVERITYSpecifies the severityString. Example: INFORMATIONALInfoblox threat protection
related dashboards/reports
SIDSpecifies the SIDIntegerInfoblox threat protection
related dashboards/reports
SOURCE_IPSpecifies the source IPIP addressInfoblox threat protection
related dashboards/reports
SOURCE_PORTSpecifies the source portIntegerInfoblox threat protection
related dashboards/reports
TIMESTAMPIndicates the timestampTimestampInfoblox threat protection
related dashboards/reports
TOTAL_COUNTSpecifies the total countIntegerInfoblox threat protection
related dashboards/reports
VIEWSpecifies the DNS viewStringInfoblox threat protection
related dashboards/reports
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timestartposCommon extracted fields

Infoblox DNS Traffic Control

Most of the fields in this index are extracted directly from the syslog_filtered.log file. Some of them are mentioned in the table below:

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

available
Specifies the available countIntegerInfoblox DNS traffic control
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

monitorSpecifies the DNS Traffic Control SNMP health monitorStringInfoblox DNS traffic control
poolSpecifies the poolStringInfoblox DNS traffic control
punctSplunk Default field

resourceSpecifies the resourceStringInfoblox DNS traffic control
response_count
Specifies the response countIntegerInfoblox DNS traffic control
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestampIndicates the timestamp of the eventExample: 2017-02-04 03:45:53
timestartposCommon Extracted Fields

unavailable

Specifies the unavailable countIntegerInfoblox DNS traffic control

Infoblox Cloud Related Dashboards/Reports

Extracted Field NameDescription of the fieldValues/RangeSource of Data
ACTIONSpecifies the actionString. Example: Allocated
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

TENANT_NAMESpecifies the name of the tenant associated with the VMString


actionSpecifies the action countIntegerInfoblox cloud related dashboards/reports
addressSpecifies the IP addressIP addressInfoblox cloud related dashboards/reports
address_typeSpecifies the type of addressIntegerInfoblox cloud related dashboards/reports
application_typeSpecifies the application type
Infoblox cloud related dashboards/reports
cidrSpecifies the CIDRExample: 24Infoblox cloud related dashboards/reports
cnamesSpecifies the common nameStringInfoblox cloud related dashboards/reports
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

display_nameSpecifies the DNS viewString


elastic_addressSpecifies the elastic IP addressIP addressInfoblox cloud related dashboards/reports
eventtypeSplunk Default field

FqdnSpecifies the FQDNStringInfoblox cloud related dashboards/reports
hostSplunk Default field

indexSplunk Default field

interface_nameSpecifies the interface nameStringInfoblox cloud related dashboards/reports
is_primary_ifcIndicates if primary IFC or notExample: 0 (not primary)Infoblox cloud related dashboards/reports
linecountSplunk Default field

locationSpecifies the location
Infoblox cloud related dashboards/reports
mac_addressSpecifies the MAC addressExample: 00:11:22:33:44:55Infoblox cloud related dashboards/reports
mgmt_platformSpecifies management platformExample: vm132ctestInfoblox cloud related dashboards/reports
networkSpecifies the network addressExample: 10.0.0.0/8Infoblox cloud related dashboards/reports
network_viewSpecifies the network viewExample: defaultInfoblox cloud related dashboards/reports
port_idSpecifies the port IDIntegerInfoblox cloud related dashboards/reports
private_addressSpecifies the private addressIP addressInfoblox cloud related dashboards/reports
private_hostnameSpecifies the private hostnameStringInfoblox cloud related dashboards/reports
public_addressSpecifies the public addressIP addressInfoblox cloud related dashboards/reports
public_hostnameSpecifies the public hostnameStringInfoblox cloud related dashboards/reports
punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

tenant_idSpecifies the tenant IDIntegerInfoblox cloud related dashboards/reports
timeendposCommon Extracted Fields

timestampIndicates the timestamp of the eventExample: 2017-02-04 03:45:53Infoblox cloud related dashboards/reports
timestartposCommon Extracted Fields

viewSpecifies the DNS viewString
vlan_idSpecifies the VLAN IDIntegerInfoblox cloud related dashboards/reports
vm_hostnameSpecifies the hostname of the VMStringInfoblox cloud related dashboards/reports
vm_nameSpecifies the name of the VMExample: 99Infoblox cloud related dashboards/reports
vm_vpc_addressSpecifies the VPC address of the VMIP addressInfoblox cloud related dashboards/reports
vm_vpc_cidrSpecifies the VPC CIDR of the VMExample: 24Infoblox cloud related dashboards/reports
vm_vpc_idSpecifies the VPC ID of the VMIntegerInfoblox cloud related dashboards/reports
vm_vpc_nameSpecifies the VPC name of the VMIntegerInfoblox cloud related dashboards/reports
vpc_addrSpecifies the VPC addressIP addressInfoblox cloud related dashboards/reports

Infoblox Syslog

Most of the fields in this index are extracted directly from the syslog_filtered.log file. Some of them are mentioned in the following table:

Extracted Field NameDescription of the fieldValues/RangeSource of Data
BOOT_IMAGE
Example: /boot/bzImageInfoblox syslog file
CPUs
Integer. Example: 8Infoblox syslog file
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

group
Example: admin-groupInfoblox syslog file
hits
IntegerInfoblox syslog file
hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

misses
IntegerInfoblox syslog file
punctSplunk Default field

size
IntegerInfoblox syslog file
sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestartposCommon Extracted Fields

System Capacity

Extracted Field NameDescription of the fieldValues/RangeSource of Data
COUNTSpecifies the countIntegerSystem capacity
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

PERCENTSpecifies the percentageIntegerSystem capacity
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestartposCommon Extracted Fields

Infoblox System Utilization (CPU, Memory, Network Traffic) Related Dashboards/Reports

Extracted Field NameDescription of the fieldValues/RangeSource of Data
CPU_PERCENT
Specifies the CPU percentageInteger value within 0-100

Infoblox system utilization
related dashboards/reports

EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

MEMORY_PERCENT
Specifies the memory percentageInteger. Value within 0-100

Infoblox system utilization
related dashboards/reports

TRAF_VALUE
Specifies the traffic valueInteger

Infoblox system utilization
related dashboards/reports

date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

linecountSplunk Default field

punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

sys_report_idSpecifies the report ID based on whether inbound or outboundInteger

Infoblox system utilization
related dashboards/reports

timeendposCommon Extracted Fields

timestartposCommon Extracted Fields

Infoblox Ecosystem Subscription

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

cisco_ise_endpoint_profileSpecifies the Cisco ISE endpoint profileStringInfoblox ecosystem subscription
cisco_ise_security_groupSpecifies the Cisco ISE security group
Infoblox ecosystem subscription
cisco_ise_session_stateSpecifies the Cisco ISE session stateString. Example: STARTEDInfoblox ecosystem subscription
cisco_ise_ssidSpecifies the Cisco ISE SSIDStringInfoblox ecosystem subscription
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

domainnameSpecifies the domain nameStringInfoblox ecosystem subscription
ea_eps_statusSpecifies the EPS status of the extensible attributeStringInfoblox ecosystem subscription
eventtypeSplunk Default field

guidSpecifies the GUIDStringInfoblox ecosystem subscription
hostSplunk Default field

indexSplunk Default field

ip_addressSpecifies the IP addressIP addressInfoblox ecosystem subscription
last_discovered_timestampSpecifies the last discovered timestampIntegerInfoblox ecosystem subscription
linecountSplunk Default field

port_vlan_nameSpecifies the VLAN name of the portStringInfoblox ecosystem subscription
port_vlan_numberSpecifies the VLAN number of the portIntegerInfoblox ecosystem subscription
punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestampSpecifies the timestamp of the eventExample: 2017-02-04 03:45:53Infoblox ecosystem subscription
timestartposCommon Extracted Fields

usernameSpecifies the usernameStringInfoblox ecosystem subscription

Infoblox Ecosystem Publication

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

contentsSpecifies the contentString. Example: {'LEASE_STATE': 'STARTED', 'Lease_Start_Time': '2017-03-01T07:00:00Z', 'MAC_OR_DUID': '80:3c:3e:29:84:cc', 'Fingerprint': 'No Match', 'Lease_End_Time': '2017-03-01T07:02:00Z', 'IPAddress': '10.0.0.20', 'Infoblox_Member': '10.35.205.6'}Infoblox ecosystem publication
date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

ip_addressSpecifies the IP addressIP addressInfoblox ecosystem publication
linecountSplunk Default field

notification_actionSpecifies the notification actionExample: CISCOISE_PUBLISH_IPAMInfoblox ecosystem publication
notification_targetSpecifies the notification targetIP addressInfoblox ecosystem publication
punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestampSpecifies the timestamp of the eventExample: 2017-02-04 03:45:53Infoblox ecosystem publication
timestartposCommon Extracted Fields

Reporting License Usage

Extracted Field NameDescription of the fieldValues/RangeSource of Data
EACommon Extracted Fields

HWTYPECommon Extracted Fields

MAX_DB_OBJECTSCommon Extracted Fields

MAX_DHCP_LPSCommon Extracted Fields

MAX_DNS_QPSCommon Extracted Fields

MEMBER_IPCommon Extracted Fields

date_hourSplunk Default field

date_mdaySplunk Default field

date_minuteSplunk Default field

date_monthSplunk Default field

date_secondSplunk Default field

date_wdaySplunk Default field

date_yearSplunk Default field

date_zoneSplunk Default field

display_nameSpecifies the DNS viewString
eventtypeSplunk Default field

hostSplunk Default field

indexSplunk Default field

license_countSpecifies the license countIntegerReporting license usage
license_poolSpecifies the license poolString. Example: cloud_api.0Reporting license usage
linecountSplunk Default field

punctSplunk Default field

sourceSplunk Default field

sourcetypeSplunk Default field

splunk_serverSplunk Default field

splunk_server_groupSplunk Default field

timeendposCommon Extracted Fields

timestampIndicates the timestampTimestampReporting license usage
timestartposCommon Extracted Fields

utilizationSpecifies the utilizationIntegerReporting license usage
viewSpecifies the DNS viewString

Summary Indexes

Summary Indexes Frequency

The field frequencies of all fields for each summary index are as mentioned in the following table:

Summary IndexReportFrequencyCron ScheduleEarliest
Time
Latest
Time
ib_dns_summarysi_dns_reclaimed_object_count_trendAt every 30th minute from 21 through 5921-59/30 * * * *30m@m60m@m

si_dns_top_clientsAt every 30th minute from 2 through 592-59/30 * * * *30m@m60m@m

si_dns_query_replyAt every 30th minute from 18 through 5918-59/30 * * * *30m@m60m@m

si_top_servfail_received_queriesAt every 30th minute from 7 through 597-59/30 * * * *30m@m60m@m

si_dns_response_latency_trendAt every 30th minute from 20 through 5920-59/30 * * * *30m@m60m@m

si_dns_member_qps_trend_per_hourAt minute 3434 * * * *@h-1h@h

si_top_nxdomain_queryAt every 30th minute from 5 through 595-59/30 * * * *30m@m60m@m

si_dns_member_qps_trend_per_dayEvery day 32 minutes past midnight32 0 * * *@d-1d@d

si_dns_member_qps_trendAt every 30th minute from 12 through 5912-59/30 * * * *30m@m60m@m

si_dns_requested_domainAt every 30th minute from 4 through 594-59/30 * * * *30m@m60m@m

si_dns_qps_trendAt every 30th minute from 10 through 5910-59/30 * * * *30m@m60m@m

si_top_servfail_sent_queriesAt every 30th minute from 6 through 596-59/30 * * * *30m@m60m@m

si_ddns_updateAt every 30th minute from 6 through 596-59/30 * * * *30m@m60m@m

si_dns_cache_hit_ratioAt every 30th minute from 8 through 598-59/30 * * * *30m@m60m@m

si_top_timeout_queriesAt every 30th minute from 8 through 598-59/30 * * * *30m@m60m@m

si_dns_rpz_hitsAt every 10th minute from 2 through 592-59/10 * * * *10m@m20m@m

si_top_clients_per_domainAt every 30th minute from 3 through 593-59/30 * * * *30m@m60m@m
ib_dhcp_summarysi_dhcp_messageAt every 30th minute from 14 through 5914-59/30 * * * *30m@m60m@m

si_dhcp_usage_trendAt 22 minutes past every 8th hour22 */8 * * *15m@m495m@m

si_dhcp_top_lease_clientAt every 30th minute from 16 through 5916-59/30 * * * *30m@m60m@m

si_devices_denied_an_ip_addressAt every 30th minute from 19 through 5919-59/30 * * * *30m@m60m@m

si_dhcp_range_utilization_trendAt 24 minutes past every 8th hour24 */8 * * *15m@m495m@m

si_dhcp_top_os_by_networkAt every 30th minute from 16 through 5916-59/30 * * * *30m@m60m@m
ib_dtc_summarysi_dtc_response_distributionAt 37 minutes past every 6th hour37 */6 * * *10m@m370m@m

si_adns_resource_pool_availabilityAt 23 minutes past every 6th hour23 */6 * * *10m@m370m@m

si_smart_dns_resource_snmpAt 47 minutes past every 6th hour47 */6 * * *10m@m370m@m

si_smart_dns_resource_availabilityAt 47 minutes past every 6th hour47 */6 * * *10m@m370m@m
ib_system_summarysi_index_disk_usageAt 37 minutes past every 6th hour37 */6 * * *10m@m370m@m

si_memory_utilizationAt every 30th minute from 26 through 5926-59/30 * * * *30m@m60m@m

si_traffic_rateAt every 30th minute from 28 through 5928-59/30 * * * *30m@m60m@m

si_cpu_usageAt every 30th minute*/30 * * * *30m@m60m@m
ib_security_summarysi_dns_tunneling_activityAt every 3030th th minute from 11 through 5911-59/30 * * * *30m@m60m@m



Note:

  • cron schedule - cron time scheduled to execute a search
  • earliest time - specifies the earliest time for a search
  • latest time - specifies the latest time for a saved search

Common fields in summary indexes

Splunk server adds the following fields to every event in each summary index:

Field NameDescription of the fieldValues/RangeRemarks
info_max_time
The info_* fields are added to each event when you use the addinfo command. This command is primarily an internally-used component of Summary Indexing. Click here for more information.
The latest time boundary for the search.
IntegerSplunk added special field
info_min_time
Specifies the earliest time boundary for searchIntegerSplunk added special field
info_search_time
Specifies the time when search was initiatedIntegerSplunk added special field
search_name
Specifies the name of the saved searchExample: si-search-dns-query-replySplunk added special field
search_now
Specifies the time when search was scheduled to runIntegerSplunk added special field

Infoblox DNS Summary


Note: *psrsvd* stands for *prestats reserved{*}. Syntax is psrsvd_\[type\]_\[fieldname\]. These special fields are added by Splunk to summary index data that begins with *psrsvd* when you initiate search using the *si** command to populate a summary index. See List of available psrsvd types from Splunk docs.




Extracted Field NameDescription of the fieldReportsValues/RangeSource of DataRemarks
CLIENTSpecifies the IP address of the DNS client
Example: 10.39.18.60

COUNTSpecifies the count of DNS queriessi_dns_top_clientsInteger


Specifies the count of SERVFAIL errors that are received for DNS clientssi_top_servfail_received_queriesInteger


Specifies the count of NXDOMAIN/NOERROR replies for DNS clientssi_top_nxdomain_queryInteger


Specifies the count of DNS domain name requestssi_dns_requested_domainInteger


Specifies the count of DNS queries per secondsi_dns_qps_trendInteger


Specifies the count of DNS SERVFAIL errors that are sent for DNS queriessi_top_servfail_sent_queriesInteger


Specifies the count of DNS timed-out recursive queriessi_top_timeout_queriesInteger


Specifies the average count of DNS RPX hitssi_dns_rpz_hitsInteger


Specifies the count of DNS clients per domainsi_top_clients_per_domainInteger

EACommon Extracted Fields



FQDNSpecifies the fully qualified domain namesi_dns_requested_domain and
si_top_clients_per_domain
Example: 213.31.102.10.in-addr.arpa

HWTYPECommon Extracted Fields



MAX_DB_OBJECTSCommon Extracted Fields



MAX_DHCP_LPSCommon Extracted Fields



MAX_DNS_QPSCommon Extracted Fields



MEMBERSpecifies the member
StringInfoblox DNS Summary
MEMBER_IPCommon Extracted Fields



TLDSpecifies top level domain namessi_dns_requested_domainExample: arpa

TYPESpecifies the DNS response typesi_dns_query_reply,
si_dns_qps_trend, and
si_ddns_update
SUCCESS/NOERROR OR
REFERRAL OR
NXRRSET OR
NXDOMAIN OR
REFUSED OR
OTHER


VIEWIt refers to the DNS view key to map DNS view through lookup. See display_name field.si_dns_requested_domain,
si_dns_top_clients,
si_dns_member_qps_trend_per_hour, si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,
si_dns_qps_trend,
si_ddns_update,
si_dns_cache_hit_ratio,
si_dns_rpz_hits,
si_top_clients_per_domain,
si_top_timeout_queries,
si_top_servfail_sent_queries,
si_top_nxdomain_query, and
si_top_servfail_received_queries
Example: _default

date_hourSplunk Default field



date_mdaySplunk Default field



date_minuteSplunk Default field



date_monthSplunk Default field



date_secondSplunk Default field



date_wdaySplunk Default field



date_yearSplunk Default field



date_zoneSplunk Default field



display_nameSpecifies the DNS viewsi_dns_requested_domain,
si_dns_top_clients,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend,
si_dns_qps_trend,
si_ddns_update,
si_dns_cache_hit_ratio,
si_dns_rpz_hits,
si_top_clients_per_domain,
si_top_timeout_queries,
si_top_servfail_sent_queries,
si_top_nxdomain_query, and
si_top_servfail_received_queries
Example: default.MS-2016


eventtypeSplunk Default field



hostSplunk Default field



indexSplunk Default field



info_max_timeCommon summary index fields



info_min_timeCommon summary index fields



info_search_timeCommon summary index fields



linecountSplunk Default field



orig_hostSpecifies the host name of the data source
Example: infoblox.com
Splunk added default field
psrsvd_ct_COUNTHere, ct = count. It contains the count information for the COUNT field.si_dns_query_reply and si_dns_qps_trend

Splunk added special field
psrsvd_ct_LATENCYContains the count information for the LATENCY fieldsi_dns_response_latency_trend

Splunk added special field
psrsvd_ct_QCOUNTContains the count information for the QCOUNT field

si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend



Splunk added special field
psrsvd_gcHere, gc = group count. It indicates the count for stats grouping and it is not scoped to a single field.

si_dns_query_reply,
si_dns_response_latency_trend,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend, and
si_dns_qps_trend



Splunk added special field
psrsvd_nc_COUNTHere, nc = numerical count. It indicates the number of numerical values and contains the numerical count information for the COUNT field.si_dns_query_reply and
si_dns_qps_trend


Splunk added special field
psrsvd_nc_LATENCYContains the numerical count information for the LATENCY fieldsi_dns_response_latency_trend

Splunk added special field
psrsvd_nc_QCOUNTContains the numerical count information for the QCOUNT field

si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend



Splunk added special field
psrsvd_nx_QCOUNTHere, nx = maximum numerical value. It contains the maximum numerical value information for the QCOUNT field.

si_dns_member_qps_trend_per_hour and
si_dns_member_qps_trend_per_day



Splunk added special field
psrsvd_sm_COUNTHere, sm = sum. It contains the sum information for the COUNT field.

si_dns_query_reply and
si_dns_qps_trend



Splunk added special field
psrsvd_sm_LATENCYContains the sum information for the LATENCY field.si_dns_response_latency_trend

Splunk added special field
psrsvd_sm_QCOUNTContains the sum information for the QCOUNT field

si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend



Splunk added special field
psrsvd_sx_QCOUNTHere, sx = maximum lexicographical value.
It contains the maximum lexicographical value information for the QCOUNT field

si_dns_member_qps_trend_per_hour
and si_dns_member_qps_trend_per_day



Splunk added special field
psrsvd_vHere, v = version. This is not scoped to a single field.

si_dns_query_reply,
si_dns_response_latency_trend,
si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
si_dns_member_qps_trend, and
si_dns_qps_trend



Splunk added special field
psrsvd_vt_COUNTHere, vt = value type. It contains precision of the associated field.
This field contains precision of the COUNT field.
si_dns_query_reply and
si_dns_qps_trend


Splunk added special field
psrsvd_vt_LATENCYContains precision of the LATENCY fieldsi_dns_response_latency_trend

Splunk added special field
psrsvd_vt_QCOUNTContains precision of the QCOUNT field

si_dns_member_qps_trend_per_hour,
si_dns_member_qps_trend_per_day,
and si_dns_member_qps_trend



Splunk added special field
reportContains the name of the report that populates the summary index




DNS Scavenge Object Count Trend datasi_dns_reclaimed_object_count_trend



DNS Top Clients report datasi_dns_top_clients



DNS Replies Trend datasi_dns_query_reply



DNS Top SERVFAIL Errors Received Report datasi_top_servfail_received_queries



DNS Response Latency Trend datasi_dns_response_latency_trend



DNS Daily Peak Hour Query Rate by Member Report datasi_dns_member_qps_trend_per_hour



DNS Top NXDOMAIN / NOERROR (no data) Report datasi_top_nxdomain_query



DNS Daily Query Rate by Member Report datasi_dns_member_qps_trend_per_day



DNS Query Rate by Member Report datasi_dns_member_qps_trend



DNS Top Requested Domain Names Report datasi_dns_requested_domain



DNS Queries Per Second Trend datasi_dns_qps_trend



DNS Top SERVFAIL Errors Sent Report datasi_top_servfail_sent_queries



DDNS Update Rate Trend datasi_ddns_update



DNS Cache Hit Rate Trend datasi_dns_cache_hit_ratio



DNS Top Timed-Out Recursive Queries Report datasi_top_timeout_queries



DNS RPZ Hits Reports datasi_dns_rpz_hits



DNS Top Clients per Domain Report datasi_top_clients_per_domain


search_nameCommon summary index fields



search_nowCommon summary index fields



sourceSplunk Default field



sourcetypeSplunk Default field



splunk_serverSplunk Default field



splunk_server_groupSplunk Default field



timeendposCommon Extracted Fields



timestartposCommon Extracted Fields



Infoblox DHCP Summary

Extracted Field NameDescription of the fieldReportsValues/RangeSource of DataRemarks
ACTIONSpecifies the action
String. Example: IssuedInfoblox DHCP summary
DEVICE_CLASSSpecifies the device class
String. Example: Linux



DHCP_RANGESpecifies the DHCP range
Network range. Example: 10.0.0.1-10.0.0.200



EACommon Extracted fields



FPSpecifies the fingerprint data
String. Example: No MatchInfoblox DHCP summary
HWTYPECommon Extracted Fields



LEASED_IPSpecifies the lease IP address
IP addressInfoblox DHCP summary
MAC_DUIDSpecifies the MAC address
MAC addressInfoblox DHCP summary
MAX_DB_OBJECTSCommon Extracted Fields



MAX_DHCP_LPSCommon Extracted Fields



MAX_DNS_QPSCommon Extracted Fields



MEMBER_IPCommon Extracted Fields



ProtocolSpecifies the DHCP protocol
String. Example: IPV4Infoblox DHCP summary
SFPSpecifies the SFP
String. Example: Ubuntu/Debian 5/Knoppix 6



VIEWIt refers to the DNS view key to map the DNS view through lookup. See display_name field
String

date_hourSplunk Default field



date_mdaySplunk Default field



date_minuteSplunk Default field



date_monthSplunk Default field



date_secondSplunk Default field



date_wdaySplunk Default field



date_yearSplunk Default field



date_zoneSplunk Default field



dhcp_utilization_statusSpecifies the DHCP utilization status
StringInfoblox DHCP summary
display_nameSpecifies the DNS view
String



end_addressSpecifies the end IP address
IP addressInfoblox DHCP summary
eventtypeSplunk Default field



hostSplunk Default field



indexSplunk Default field



info_max_timeCommon summary index fields



info_min_timeCommon summary index fields



info_search_timeCommon summary index fields



linecountSplunk Default field



membersSpecifies the DHCP member
String. Example: infoblox.localdomainInfoblox DHCP summary
ms_serversSpecifies the MS servers
IP addressInfoblox DHCP summary
orig_hostSpecifies the host name of the data source
Example: infoblox.com
Splunk added default field

psrsvd_ct_FREE_
ADDRESSES

Specifies the count information for FREE_ADDRESSES fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_ct_dhcp_utilizationSpecifies the count for dhcp_utilization field

si_dhcp_range_utilization
_trend



Splunk added special field
psrsvd_ct_dynamic_hostsSpecifies the count for dynamic_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_ct_static_hostsSpecifies the count for static_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_ct_v4ackSpecifies the count for v4ack fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4declineSpecifies the count for v4decline fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4discoverSpecifies the count for v4discover fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4informSpecifies the count for v4inform fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseactiveSpecifies the count for v4leaseactive fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leasequerySpecifies the count for v4leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseunassignedSpecifies the count for v4leaseunassigned fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4leaseunknownSpecifies the count for v4leaseunknown fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4nakSpecifies the count for
v4nak field
si-search-dhcp-message

Splunk added special field
psrsvd_ct_v4offerSpecifies the count for v4offer fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4releaseSpecifies the count for v4release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v4requestSpecifies the count for v4request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6advertiseSpecifies the count for v6advertise fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6confirmSpecifies the count for v6confirm fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6declineSpecifies the count for v6decline fieldsi-search-dhcp-message

Splunk added special field

psrsvd_ct_v6information_
request

Specifies the count for v6information_request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6leasequerySpecifies the count for v6leasequery fieldsi-search-dhcp-message

Splunk added special field

psrsvd_ct_v6leasequery_
reply

Specifies the count for v6leasequery_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6rebindSpecifies the count for v6rebind fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6reconfigureSpecifies the count for v6reconfigure fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6relay_forwardSpecifies the count for v6relay_forward fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6relay_replySpecifies the count for v6relay_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6releaseSpecifies the count for v6release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6renewSpecifies the count for v6renew fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6replySpecifies the count for v6reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6requestSpecifies the count for v6request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_ct_v6solicitSpecifies the count for v6solicit fieldsi-search-dhcp-message

Splunk added special field
psrsvd_gcHere, gc = group count. The count for stats grouping and not scoped to a single field.




Splunk added special field

psrsvd_nc_FREE_
ADDRESSES

Specifies the numerical count for FREE_ADDRESSES fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_nc_dhcp_utilizationSpecifies the numerical count for dhcp_utilization fieldsi_dhcp_range_utilization_trend

Splunk added special field
psrsvd_nc_dynamic_hostsSpecifies the numerical count for dynamic_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_nc_static_hostsSpecifies the numerical count for static_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_nc_v4ackSpecifies the numerical count for v4ack fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4declineSpecifies the numerical count for v4decline fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4discoverSpecifies the numerical count for v4discover fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4informSpecifies the numerical count for v4inform fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseactiveSpecifies the numerical count for v4leaseactive fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leasequerySpecifies the numerical count for v4leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseunassignedSpecifies the numerical count for v4leaseunassigned fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4leaseunknownSpecifies the numerical count for v4leaseunknown fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4nakSpecifies the numerical count for v4nak fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4offerSpecifies the numerical count for v4offer fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4releaseSpecifies the numerical count for v4release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v4requestSpecifies the numerical count for v4request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6advertiseSpecifies the numerical count for v6advertise fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6confirmSpecifies the numerical count for v6confirm fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6declineSpecifies the numerical count for v6decline fieldsi-search-dhcp-message

Splunk added special field

psrsvd_nc_v6information_
request

Specifies the numerical count for v6information_request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6leasequerySpecifies the numerical count for v6leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6leasequery_replySpecifies the numerical count for v6leasequery_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6rebindSpecifies the numerical count for v6rebind fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6reconfigureSpecifies the numerical count for v6reconfigure fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6relay_forwardSpecifies the numerical count for v6relay_forward fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6relay_replySpecifies the numerical count for v6relay_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6releaseSpecifies the numerical count for v6release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6renewSpecifies the numerical count for v6renew fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6replySpecifies the numerical count for v6reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6requestSpecifies the numerical count for v6request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_nc_v6solicitSpecifies the numerical count for v6solicit fieldsi-search-dhcp-message

Splunk added special field

psrsvd_sm_FREE_
ADDRESSES

Specifies the sum for FREE_ADDRESSES fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_sm_dhcp_utilizationSpecifies the sum for dhcp_utilization fieldsi_dhcp_range_utilization_trend

Splunk added special field
psrsvd_sm_dynamic_hostsSpecifies the sum for dynamic_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_sm_static_hostsSpecifies the sum for static_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_sm_v4ackSpecifies the sum for v4ack fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4declineSpecifies the sum for v4decline fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4discoverSpecifies the sum for v4discover fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4informSpecifies the sum for v4inform fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseactiveSpecifies the sum for v4leaseactive fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leasequerySpecifies the sum for v4leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseunassignedSpecifies the sum for v4leaseunassigned fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4leaseunknownSpecifies the sum for v4leaseunknown fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4nakSpecifies the sum for v4nak fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4offerSpecifies the sum for v4offer fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4releaseSpecifies the sum for v4release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v4requestSpecifies the sum for v4request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6advertiseSpecifies the sum for v6advertise fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6confirmSpecifies the sum for v6confirm fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6declineSpecifies the sum for v6decline fieldsi-search-dhcp-message

Splunk added special field

psrsvd_sm_v6information_
request

Specifies the sum for v6information_request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6leasequerySpecifies the sum for v6leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6leasequery_replySpecifies the sum for v6leasequery_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6rebindSpecifies the sum for v6rebind fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6reconfigureSpecifies the sum for v6reconfigure fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6relay_forwardSpecifies the sum for v6relay_forward fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6relay_replySpecifies the sum for v6relay_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6releaseSpecifies th sum for v6release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6renewSpecifies the sum for v6renew fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6replySpecifies the sum for v6reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6requestSpecifies the sum for v6request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_sm_v6solicitSpecifies the sum for v6solicit fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vHere, v = version. This is not scoped to a single field.

si_dhcp_usage_trend,
si_dhcp_top_lease_client,
si_dhcp_range_utilization_trend,
si_dhcp_top_os_by_network, and
si-search-dhcp-message



Splunk added special field
psrsvd_vt_FREE_ADDRESSESContains precision of the FREE_ADDRESSES fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_vt_dhcp_utilizationContains precision of the dhcp_utilization fieldsi_dhcp_range_utilization_trend

Splunk added special field
psrsvd_vt_dynamic_hostsContains precision of the dynamic_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_vt_static_hostsContains precision of the static_hosts fieldsi_dhcp_usage_trend

Splunk added special field
psrsvd_vt_v4ackContains precision of the v4ack fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4declineContains precision of the v4decline fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4discoverContains precision of the v4discover fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4informContains precision of the v4inform fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseactiveContains precision of the v4leaseactive fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leasequeryContains precision of the v4leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseunassignedContains precision of the v4leaseunassigned fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4leaseunknownContains precision of the v4leaseunkown fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4nakContains precision of the v4nak fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4offerContains precision of the v4offer fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4releaseContains precision of the v4release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v4requestContains precision of the v4request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6advertiseContains precision of the v6advertise fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6confirmContains precision of the v6confirm fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6declineContains precision of the v6decline fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6information_requestContains precision of the v6information_request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6leasequeryContains precision of the v6leasequery fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6leasequery_replyContains precision of the v6leasequery_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6rebindContains precision of the v6rebind fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6reconfigureContains precision of the v6reconfigure fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6relay_forwardContains precision of the v6relay_forward fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6relay_replyContains precision of the v6relay_reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6releaseContains precision of the v6release fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6renewContains precision of the v6renew fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6replyContains precision of the v6reply fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6requestContains precision of the v6request fieldsi-search-dhcp-message

Splunk added special field
psrsvd_vt_v6solicitContains precision of the v6solicit fieldsi-search-dhcp-message

Splunk added special field
reportName of the report that is populating the summary index




DHCP Message Rate Trend datasi-search-dhcp-message



DHCPv4 Usage Trend datasi_dhcp_usage_trend



DHCP Top Lease Clients report datasi_dhcp_top_lease_client



Top Devices Denied an IP Address report datasi_devices_denied_an_ip_address



DHCPv4 Range Utilization Trendsi_dhcp_range_utilization_trend



Device and Device Classes reports datasi_dhcp_top_os_by_network


search_nameCommon summary index fields



search_nowCommon summary index fields



sourceSplunk Default field



sourcetypeSplunk Default field



splunk_serverSplunk Default field



splunk_server_groupSplunk Default field



start_addressSpecifies the start IP address
IP addressInfoblox DHCP summary
timeendposCommon Extracted Fields



timestartposCommon Extracted Fields



ViewSpecifies the network view
String. Example: defaultInfoblox DHCP summary

Infoblox DTC Summary

Extracted Field NameDescription of the fieldReportsValues/RangeSource of DataRemarks
EACommon Extracted Fields



HWTYPECommon Extracted Fields



MAX_DB_OBJECTSCommon Extracted Fields



MAX_DHCP_LPSCommon Extracted Fields



MAX_DNS_QPSCommon Extracted Fields



MEMBER_IPCommon Extracted Fields



date_hourSplunk Default field



date_mdaySplunk Default field



date_minuteSplunk Default field



date_monthSplunk Default field



date_secondSplunk Default field



date_wdaySplunk Default field



date_yearSplunk Default field



date_zoneSplunk Default field



eventtypeSplunk Default field



hostSplunk Default field



indexSplunk Default field



info_max_timeCommon summary index fields



info_min_timeCommon summary index fields



info_search_timeCommon summary index fields



linecountSplunk Default field



MonitorSpecifies the monitor
String. Example: httpsInfoblox DTC summary
orig_hostSpecifies the host name of the data source
Example: infoblox.com
Splunk added default field
poolSpecifies the Pool
String. Example: PoolInfoblox DTC summary
psrsvd_ct_availableSpecifies the count information for available field

si_adns_resource_pool_availability
and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_ct_response_countSpecifies the count information for response_count fieldsi_dtc_response_distribution

Splunk added special field
psrsvd_ct_unavailableSpecifies the count information for unavailable field

si_adns_resource_pool_availability
and
si_smart_dns_resource_availability



Splunk added special field
psrscd_ct_valueSpecifies the count information for value fieldsi_smart_dns_resource_snmp

Splunk added special field
psrsvd_gcHere, gc = group count. This is the count for stats grouping and it is not scoped to a single field.

si_dtc_response_distribution,
si_smart_dns_resource_snmp,
si_adns_resource_pool_availability,
and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_nc_availableSpecifies the numerical count information for available field

si_adns_resource_pool_availability
and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_nc_response_countSpecifies the numerical count information for response_count fieldsi_dtc_response_distribution

Splunk added special field
psrsvd_nc_unavailableSpecifies the numerical count information for unavailable field

si_adns_resource_pool_availability
and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_nc_valueSpecifies the numerical count information for value fieldsi_smart_dns_resource_snmp

Splunk added special field
psrsvd_sm_availableSpecifies the sum information for available field

si_adns_resource_pool_availability
and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_sm_response_countSpecifies the sum information for response_count fieldsi_dtc_response_distribution

Splunk added special field
psrsvd_sm_unavailableSpecifies the sum information for unavailable field

si_adns_resource_pool_availability and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_sm_valueSpecifies the sum information for value fieldsi_smart_dns_resource_snmp

Splunk added special field
psrsvd_vHere, v = version. This is not scoped to a single field.

si_dtc_response_distribution,
si_smart_dns_resource_snmp,
si_adns_resource_pool_availability, and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_vt_availableContains precision of the available field

si_adns_resource_pool_availability and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_vt_response_count
Contains precision of the response_count field
si_dtc_response_distribution

Splunk added special field
psrsvd_vt_unavailableContains precision of the unavailable field

si_adns_resource_pool_availability and
si_smart_dns_resource_availability



Splunk added special field
psrsvd_vt_valueContains precision of the value fieldsi_smart_dns_resource_snmp

Splunk added special field
reportName of the report that populates the summary index




DNS Traffic Control Response Distribution Trend datasi_dtc_response_distribution



DNS Traffic Control Resource Pool Availability reports datasi_adns_resource_pool_availability



DNS Traffic Control Resource SNMP reports datasi_smart_dns_resource_snmp



DNS Traffic Control Resource Availability reports datasi_smart_dns_resource_availability


resourceSpecifies the resource
String. Example: ServerInfoblox DTC summary
search_nameCommon summary index fields



search_nowCommon summary index fields



sourceSplunk Default field



sourcetypeSplunk Default field



splunk_serverSplunk Default field



splunk_server_groupSplunk Default field



timeendposCommon Extracted Fields



timestartposCommon Extracted Fields



Infoblox System Summary

Extracted Field NameDescription of the fieldReportsValues/RangeSource of DataRemarks
EACommon Extracted Fields



HWTYPECommon Extracted Fields



MAX_DB_OBJECTSCommon Extracted Fields



MAX_DHCP_LPSCommon Extracted Fields



MAX_DNS_QPSCommon Extracted Fields



MEMBERSpecifies the member
String. Example: infoblox.localdomain: inbound

MEMBER_IPCommon Extracted Fields



date_hourSplunk Default field



date_mdaySplunk Default field



date_minuteSplunk Default field



date_monthSplunk Default field



date_secondSplunk Default field



date_wdaySplunk Default field



date_yearSplunk Default field



date_zoneSplunk Default field



eventtypeSplunk Default field



hostSplunk Default field



indexSplunk Default field



info_max_timeCommon summary index fields



info_min_timeCommon summary index fields



info_search_timeCommon summary index fields



linecountSplunk Default field



orig_hostSpecifies the host name of the data source
Example: infoblox.com
Splunk added default field
psrsvd_ct_CPU_PERCENTSpecifies the count information for the CPU_PERCENT fieldsi_cpu_usage

Splunk added special field
psrsvd_ct_MEMORY_PERCENTSpecifies the count information for the MEMORY_PERCENT fieldsi_memory_utilization

Splunk added special field
psrsvd_ct_TRAF_VALUESpecifies the count information for TRAF_VALUE fieldsi_traffic_rate

Splunk added special field
psrsvd_gcHere, gc = group count. This is the count for a stats grouping and it is not scoped to a single field.

si_memory_utilization,
si_traffic_rate, and
si_cpu_usage



Splunk added special field
psrsvd_nc_CPU_PERCENTSpecifies the numerical count information for CPU_PERCENT fieldsi_cpu_usage

Splunk added special field
psrsvd_nc_MEMORY_PERCENTSpecifies the numerical count information for MEMORY_PERCENT fieldsi_memory_utilization

Splunk added special field
psrsvd_nc_TRAF_VALUESpecifies the numerical count information for TRAF_VALUE fieldsi_traffic_rate

Splunk added special field
psrsvd_sm_CPU_PERCENTSpecifies the sum for CPU_PERCENT fieldsi_cpu_usage

Splunk added special field
psrsvd_sm_MEMORY_PERCENTSpecifies the sum for MEMORY_PERCENT fieldsi_memory_utilization

Splunk added special field
psrsvd_sm_TRAF_VALUESpecifies the sum for TRAF_VALUE fieldsi_traffic_rate

Splunk added special field
psrsvd_vHere, v = version. This is not scoped to a single field.

si_memory_utilization,
si_traffic_rate, and
si_cpu_usage



Splunk added special field
psrsvd_vt_CPU_PERCENTContains precision of the CPU_PERCENT fieldsi_cpu_usage

Splunk added special field
psrsvd_vt_MEMORY_PERCENTContains precision of the MEMORY_PERCENT fieldsi_memory_utilization

Splunk added special field
psrsvd_vt_TRAF_VALUEContains precision of the TRAF_VALUE fieldsi_traffic_rate

Splunk added special field
reportSpecifies the name of the report that is populating the summary index




Index Disk Usage Report Datasi_index_disk_usage



Memory Utilization Trend datasi_memory_utilization



Traffic Rate by Member report datasi_traffic_rate



CPU Utilization Trend datasi_cpu_usage


search_nameCommon summary index fields



search_nowCommon summary index fields



sourceSplunk Default field



sourcetypeSplunk Default field



splunk_serverSplunk Default field



splunk_server_groupSplunk Default field



timeendposCommon Extracted Fields



timestartposCommon Extracted Fields



Infoblox Security Summary

Extracted Field NameDescription of the fieldReportsValues/RangeSource of DataRemarks
ACTIVE_COUNTSpecifies the active count
IntegerInfoblox security summary
BLOCK_ENDSpecifies the block end IP address
IntegerInfoblox security summary
BLOCK_STARTSpecifies the block start IP address
IntegerInfoblox security summary
DNST_CATEGORYSpecifies the destination category
String

EACommon Extracted Fields



HWTYPECommon Extracted Fields



MAX_DB_OBJECTSCommon Extracted Fields



MAX_DHCP_LPSCommon Extracted Fields



MAX_DNS_QPSCommon Extracted Fields



MEMBER_IPCommon Extracted Fields



NAT_STATUSSpecifies the NAT status
StringInfoblox security summary
RULE_DESCRIPTIONSpecifies the rule description
String. Example: This rule drops unexpected OSPF packets when OSPF is disabled.

RULE_NAMESpecifies the rule name
String. Example: DROP OSPF unexpected

RULE_SIDSpecifies the rule SID
IntegerInfoblox security summary
SOURCE_IPSpecifies the source IP
IP addressInfoblox security summary
SOURCE_PORTSpecifies the source port
IntegerInfoblox security summary
date_hourSplunk Default field



date_mdaySplunk Default field



date_minuteSplunk Default field



date_monthSplunk Default field



date_secondSplunk Default field



date_wdaySplunk Default field



date_yearSplunk Default field



date_zoneSplunk Default field



eventtypeSplunk Default field



hostSplunk Default field



indexSplunk Default field



info_max_timeCommon summary index fields



info_min_timeCommon summary index fields



info_search_timeCommon summary index fields



linecountSplunk Default field



orig_hostSpecifies the host name of the data source
Example: infoblox.com
Splunk added default field
reportName of the report that is populating the summary index




DNS Tunneling Activity Reports datasi_dns_tunneling_activity


search_nameCommon summary index fields



search_nowCommon summary index fields



sourceSplunk Default field



sourcetypeSplunk Default field



splunk_serverSplunk Default field



splunk_server_groupSplunk Default field



timeendposCommon Extracted Fields



timestartposCommon Extracted Fields




This page has no comments.