Why is the Splunk Web service not running after an upgrade to 6.2? Learn more »
Assuming the information is actually available, sure. But you need to drop a little more detail on us. The assumption would have to be that there is something that can tie the IP address in the proxy server logs to a logged-in user at the machine that is assigned the IP in the proxy logs themselves.
The clearest solution is to have the proxy require authentication. If you can't do that, then you need to be able to know who is logged into a given machine at a given time. With a multi-user system, like a Windows Terminal Server or any Unix machine this is far more difficult.
I think you need to figure out what data you have available to you before you can begin to try to piece together a solution.
what kind of IP? Public?internal? internal from dhcp?
Here an example of dns lookup dns lookup external script