Cisco IOS and Cisco Security Suite: Why are Cisco devices and data not displayed?

bradthoms
Engager

Hello,

I currently have numerous Cisco devices sending syslog to my Splunk Server (Under Search > Data Summary and manually select each IP). I have installed the Cisco IOS App and the Cisco Security Suite App. However, none of the Cisco data displays in there at all. When I select Devices, it shows 0. Essentially I would like to have a dashboard page that displays all of the devices on it. Is there a way to complete this and set up a dashboard page allowing you to drill down into each device, rather than have to manually check each Cisco device from Searching and Reporting > Data Summary > Select the IP to view the Syslog messages? Thanks.

1 Solution

mikaelbje
Motivator

I'm the author of the Cisco IOS app. You need both the Cisco IOS app and the Technology Add-On for Cisco IOS on your server. The Tech addon also needs to be installed on your indexer if you have a dedicated indexer. The syslog UDP input needs to have sourcetype set to "syslog" or "cisco:ios". This is documented in the README file that comes with the app as well as in the docs on Splunk Apps.

The Cisco IOS app has nothing to do with the Cisco Security Suite which covers other Cisco apps and is developed by Splunk.

Please rate my answer if you find it helpful.

Regards,
Mikael
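
As an added example (not part of the original answer and not code from the Cisco IOS app), the following Python script checks the UDP stanzas of an `inputs.conf` against the two sourcetypes named in the answer. The function name `audit_udp_inputs` and the sample configuration are constructed for illustration.

```python
import configparser

# Sourcetypes the answer above says the syslog UDP input must use.
ACCEPTED = {"syslog", "cisco:ios"}

# Constructed inputs.conf content for illustration; not taken from the thread.
SAMPLE_INPUTS_CONF = """
[default]
host = splunk01

[udp://514]
sourcetype = cisco:ios
connection_host = ip

[udp://5514]
sourcetype = my_network_logs

[udp://10.0.0.5:1514]
connection_host = ip

[monitor:///var/log/messages]
sourcetype = syslog
"""

def audit_udp_inputs(conf_text):
    """Map each enabled UDP stanza to (explicit sourcetype or None, accepted?)."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False)
    parser.optionxform = str  # keep setting names exactly as written
    parser.read_string(conf_text)
    # Settings in [default] apply to every stanza unless overridden.
    defaults = dict(parser["default"]) if parser.has_section("default") else {}
    results = {}
    for stanza in parser.sections():
        if not stanza.startswith("udp://"):
            continue  # file monitors, TCP inputs etc. are out of scope here
        settings = {**defaults, **dict(parser[stanza])}
        if settings.get("disabled", "0").lower() in ("1", "true"):
            continue
        sourcetype = settings.get("sourcetype") or None
        results[stanza] = (sourcetype, sourcetype in ACCEPTED)
    return results

if __name__ == "__main__":
    for stanza, (st, ok) in audit_udp_inputs(SAMPLE_INPUTS_CONF).items():
        print(f"[{stanza}] sourcetype={st!r} -> {'OK' if ok else 'CHECK'}")
```

Splunk merges `inputs.conf` from several app directories, so this script only reflects the single file it is given; `splunk btool inputs list` shows the merged result.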

oskomorokhov
Explorer

Hi Mikael,

I'm currently facing an issue with the Cisco IOS app: I've created a UDP input (port 514) with the cisco:ios sourcetype set.
Everything works fine for about 2 weeks, but then all logs from the search are getting reassigned with source /var/log/syslog-ng/syslog-ng.log and sourcetype syslog (default) instead of udp:514 and cisco:ios respectively.

This drops all the additional info provided by the Cisco IOS app from the logs.
I have to disable and re-enable my udp input and then it works fine again for the same period of time.

Can you please give me a direction to troubleshoot this?

Regards,
Oleg.

0 Karma

bradthoms
Engager

Thanks much Mikael, that seems to be pulling all of the data into the Cisco IOS App.

0 Karma