- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Some devices are not indexing, after upgrade 10.5.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some devices are not indexing, after upgrade 10.5.
Hi. Some devices are not indexing, after upgrade 10.5.
I saw that when disable the app, my devices begin indexing.
Ex: Devices like Cisco Catalyst 6500.
Can you help-me ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Sounds like your events are indexing, but not matched correctly by the regex.
Cou*ld you please do the following:
- Identify the device that is not matched*
- Search it using index=* host=HOSTNAME_OF_DEVICE
- Send me the raw event that was not matched so that I can investigate it further
The input you have provided me so far is not enough alone to troubleshoot your issue, so always include a sample log event.
Mikael
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perfect. Now is running correctly!!!
Thanks! 😃
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So change your user/role to search the ios index by default, then you won't have to specify index=ios
Please remember to vote the answer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok,the search index=ios sourcetype=cisco:ios is running correctly. This search showed all devices events.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, so please try the following search:
index=ios sourcetype=cisco:ios
Does that return anything?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed the Technology Add-on. Search using index=* host=HOSTNAME_OF_DEVICE is running correctly, after reboot my server. Using search index=ios are showed the devices. But, using search sourcetype="cisco:ios" is not running.
I have devices with sourcetype="syslog". When disable the APP Cisco IOS, my devices are showed in the search sourcetype="syslog".
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, I tested your events against the regex and they match.
Could you please provide a screenshot of the whole search window?
Did you install the Technology Add-On?
Did you make sure your user/role searches in the ios index by default?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear, Mikael.
The raw events are below.
Apr 9 17:20:30 192.168.10.251 170: 000145: Apr 9 17:20:34.451 GMT-3: %PARSER-5-CFGLOGLOGGEDCMD: User:admin logged command:shutdown Apr 9 17:20:30 192.168.10.251 169: 000144: Apr 9 17:20:34.447 GMT-3: %PARSER-5-CFGLOGLOGGEDCMD: User:admin logged command:shutdown Apr 9 17:20:24 192.168.10.251 168: 000143: Apr 9 17:20:28.691 GMT-3: %PARSER-5-CFGLOGLOGGEDCMD: User:admin logged command:switchport mode access Apr 9 16:06:58 192.168.10.251 157: 000132: Apr 9 16:07:04.059 GMT-3: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.10.111)
[]'s
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
