Skip to content

Home

Jump to bottom
doksu edited this page Feb 2, 2018 · 2 revisions

TA-macvendor

MAC Address Vendor Scripted Lookup for Splunk

This app provides a scripted lookup to resolves MAC addresses to their manufacturer locally using python's netaddr library (https://pypi.python.org/pypi/netaddr/) and requires no configuration. Simply install the app on your search head and use like so: ... | lookup lookup macvendor mac AS src_mac OUTPUT vendor AS src_mac_vendor

OVERVIEW

  • Release notes
  • Support and resources

INSTALLATION AND CONFIGURATION

  • Requirements
  • Installation
  • Configuration

USAGE

OVERVIEW

Release notes

About this release

Version 0.1.* of TA-macvendor is compatible with:

Splunk Enterprise versions 6.3+
Platforms Platform independent
Lookup file changes None
Fixed issues
  • None
Known issues
  • None

Support and resources

Please post questions at https://answers.splunk.com, however this app is provided as is with no warranty, implied or otherwise; please see the LICENSE document for more information. Feedback about possible improvements and good news stories of how this app has helped your organisation are most welcome.

INSTALLATION AND CONFIGURATION

Requirements

Hardware requirements

  • None

Software requirements

To function properly, TA-macvendor requires the following software:

  • Splunk Enterprise 6.3+

Installation

Simply install this app on your search head/s.

N.B. If you receive an error from the indexer servers in a search when using the lookup immediately after installation of the app, please wait a few minutes for bundle replication then the error will disappear.

Configuration

No configuration is required.

Usage

The macvendor lookup can be used like so:

... | lookup lookup macvendor mac AS src_mac OUTPUT vendor AS src_mac_vendor
Clone this wiki locally