There are two Cisco devices; I call them “1st IP” and “2nd IP” hereafter.
I have managed to configured and send syslog of “1st IP” to Splunk. Please see following 2 screenshots.
Now i would like to another Cisco device, i.e. “2nd IP” to Splunk, by adding the “2nd IP”. It turned out to be weird to me.
All i wanted is something like this by always using soucetype:cisco, if possible:
UDP port---------------------souce type
192.168.1stIP:514-------- cisco
192.168.2ndIP:514--------cisco