All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the Cisco Networks App for Splunk Enterprise not parsing data?

pierrejordonnel
Explorer
‎07-28-2015 06:27 AM

Maybe someone can help me with this. I followed the instructions and changed my sourcetype to syslog since I do not have any sourcetype built for cisco:ios. I have yet to see any data even though I have tons of data coming in. Can anyone please help me figure out what I'm currently doing wrong?

Any and all help is appreciated

--Pierré

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎07-28-2015 07:38 AM

Hi,

  1. Do you see anything if you try this search: index=* sourcetype=cisco:ios . If so, change your permissions to search whatever index you put your data in to be searched by default
  2. Did you install both the app and the add-on on the search head? Add-on on the indexer
  3. Can you provide me with some log samples of the raw data as you see it in Splunk in the current syslog sourcetype?

View solution in original post

Reply
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎07-28-2015 07:38 AM

Hi,

  1. Do you see anything if you try this search: index=* sourcetype=cisco:ios . If so, change your permissions to search whatever index you put your data in to be searched by default
  2. Did you install both the app and the add-on on the search head? Add-on on the indexer
  3. Can you provide me with some log samples of the raw data as you see it in Splunk in the current syslog sourcetype?
Reply
Solved! Jump to solution

pierrejordonnel
Explorer
‎07-28-2015 09:08 AM

It started to pick up information in the sourcetype=cisco:ios. I think I figured out the issue. I thought that there was no add-on due to only reading the title. I have added the add-on and that fixed it. Thanks for responding to me so quickly Mike.

Reply
Solved! Jump to solution

mikaelbje
Motivator
‎07-28-2015 10:35 AM

Great! No problem 🙂 I'd be happy if you could give the app and add-on a rating after you've tried them out for a while 🙂

0 Karma
Reply
Solved! Jump to solution

pierrejordonnel
Explorer
‎07-28-2015 08:38 AM

It looks like it started to pull data after I restarted the splunk search head. It apparently only see's port flappings but not unique devices and other issues that are probably being reported by my cisco devices.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...