• State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 1261 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Switchport IP's/Mac address report

jpak26

Is there a way to have a report listing a switches ports and the mac address/IP's associated with each port? I can see them when going to a specific node summary page under port details but can't seem to find a way to export the data.

Also is this data able to be sent to Splunk via API?

  • 0

    You may find the info you are looking for in the table Orion.NPM.OrionSwitchPortMapping

    It contains these fields: 

    SourceName, SourceNodeID, SourceIPAddress, SourcePortDescription, SourcePortName, SourcePortAlias, SourcePortType, SourcePortState, SourcePortAdminStatus, SourcePortSpeed, SourcePortIndex, SourceMACAddress, SourceInterfaceID, MappedIPAddress, MappedHostName, MappedNodeID, MappedPortDescription, MappedPortName, MappedPortAlias, MappedPortType, MappedPortState, MappedPortAdminStatus, MappedPortSpeed, MappedPortIndex, MappedMACAddress, MappedInterfaceID, LastSeen, DisplayName, Description, InstanceType, Uri, InstanceSiteId
    You could definitely get this data into Splunk via the API
  • 0 in reply to bobmarley

    Thanks Bob. I'm not seeing any data populate when trying a some of those fields.

  • 0

    Here is a SWQL query you can use.

    SELECT TOP 1000 SourceName, SourceIPAddress, SourcePortName, SourcePortAlias, SourcePortType,  MappedIPAddress, MappedHostName, MappedPortDescription, MappedPortName, MappedPortAlias, MappedMACAddress, LastSeen
FROM Orion.NPM.OrionSwitchPortMapping
--Where SourceName LIKE '%YourNodeNameHere%'
Order BY SourceName,  SourcePortName DESC

  • 0 in reply to bobmarley

    Hmm so that works when I use a custom query for the report data source, but doesn't seem to work when choosing specific nodes. Is that expected? 

  • 0 in reply to bobmarley

    Looks like this data is actually from the switch not the client IP/Mac. Is there any UDT tables to pull endpoint data?

  • 0 in reply to jpak26

    Here is a new query that selects all records instead of just the first 1000. That may fix your issue with selecting nodes. Also added the source mac address so you will have both the network device and client's MAC in the report. 

    SELECT SourceName, SourceIPAddress, SourcePortName, SourcePortAlias, SourcePortType, SourceMACAddress, MappedIPAddress, MappedHostName, MappedPortDescription, MappedPortName, MappedPortAlias, MappedMACAddress, LastSeen
FROM Orion.NPM.OrionSwitchPortMapping
--Where SourceName LIKE '%YourNodeNameHere%'
Order BY SourceName,  SourcePortName DESC

  • 0 in reply to jpak26

    UDT_Endpoint and UDT_EndpointIP.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.