The Devices tab provides information on devices associated with DNS activity hitting the web filters assigned to a policy on your network. To export the Devices table data in csv format, click Export. The default file name is dns-activity_devices.csv. Exported data is limited to 5010,000 records.
Performing Search Queries
...
- query=domain.*AND device=52.123*
- device=office1.domain OR device=office2.domain.com
- dns_view=example-view AND query_type=A
(source=‘BloxOne ‘Infoblox Endpoint’ OR source“example 1”) AND device=52.123*
Search by the query fields matches values by subdomains. E.g. query = domain.com
matches
'domain.com', 'office.domain.com', 'space.office.domain.com
...
- DEVICE NAME: The name of the device being used when the event was triggered.
- REQUESTS: The request type. Clicking the number of requests in the REQUESTS column associated with a device name, allows you to pivot off the record and display all DNS events associated with the device name.
- USER: The user that triggered the hit. For remote offices, the portal displays Unknown for these users.
- SOURCE: The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
- DHCP FINGERPRINT: The unique identifier that was formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
- OS VERSION: The version of the device's operating system making the request.
MAC ADDRESS: The detected MAC address of the device.
Note title Note You can add and remove custom fields by clicking on the icon located in the top, right-hand corner of the table, and selecting or deselecting which custom fields you want to view. All fields can be selected or deselected, or they can be returned to the default configuration by clicking Restore to default GRID setting.
Export Records
Click Export to download a CSV file of report records. The maximum number of exported DNS Devices report records is 10,000.