I am attempting to run the Splunk App for Cisco UCS, and I am attempting to use the syslog plug-in. I have a deployment server, a search head server and three indexers. I have installed the SplunkAppForCiscoUCS app via a deployment server to the search head, and I have enabled the Splunk_TA_CiscoUCS_Syslog add-on. My UCS is currently sending the syslog information to my search head.
I have a few questions on how this works from there.
Do I need to set up an index for "cisco_ucs" in my indexes.conf?
Do I need to also install the Splunk_TA_CiscoUCS_Syslog to each indexer?
Do I need to set up a UDP listener on my search head?