Hi
This is our issue :
We have two different groups : Datacenter and Backbone and each have their own cisco devices and they are sending their syslog to splunk. We decided to differentiate the log like this : Datacenter sends the log to UDP 514 and Backbone sends it to UDP 515 and each group has their own index and the logs of these groups will reside in different indexes.
Now the problem is the Cisco App that I found in splunk base. This is a great app and we want to use this for these two groups and access them to monitor their devices without access to other group devices.
How can we do this (two different groups and two different indexes)?
... View more