I'm new to Splunk and was attempting to complete a quick deployment using network devices. I'm unable to get the Cisco Networks App to display any data. I'm not sure what I'm overlooking.
Software Versions:
Cisco Networks Add-on: 2.5.4
Cisco Networks (App): 2.5.4
Splunk: Free version 7.1
Procedure:
1) Splunk is operational.
2) Cisco App/Addon > Browse more apps > install both app and addon
EDIT: Restart of Splunk is completed.
3) Configure Data Input: UDP 514 > Source Type cisco:ios > App Context: Cisco Networks (cisco_ios) > Index: Default or Custom created. > Submit.
Performing either of the below searches provides syslog traffic (tested with Real-Time for firewall syslogs and results are flowing).
Queries:
source="udp:514"
sourcetype="cisco:ios"
Update 2018-05-28:
@rich7177: The service requests a restart after installation of the apps. Restarts were conducted after the installation as well as after configuration of the data input.
@xpac: As mentioned, I'm using my firewall to send syslogs (UDP/514). These transactions have already been confirmed successful when entering the above queries.