
AVI logs don't appear to be forwarding to Splunk

New Member

We would like to use the AVI Networks App for Splunk which I’m aware requires use of the associated Add-on.

We are using AVI Vantage platform version 18.2.5.
We are using Splunk Enterprise version 7.2.6.

I have used these sources to find out how to configure the add-on:

I have created an AVI Vantage analytics profile with the following log streaming settings. I have used the defaults for all values with the following exceptions:


This is output from the command 'ss -tuw' on one of the AVI controllers:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0
tcp ESTAB 0 0
tcp ESTAB 0 0

Netcat output from the AVI controller (nc -z -v 9998):
Connection to 9998 port [tcp/*] succeeded!

I’ve created a Splunk TCP data input as follows (/opt/splunk/etc/apps/TA-avi-vantage-add-on/local/inputs.conf):
connection_host = ip
index = avi-data
sourcetype = syslog

After creating the input, I restarted Splunk. I can see that splunkd is listening on the port (sudo lsof -i -P -n | grep LISTEN):
splunkd 23104 splunk 65u IPv4 957961696 0t0 TCP *:9998 (LISTEN)

Splunk has not received any data from AVI, and I am wondering if you are aware of some steps I may have missed or if there are some tips you can offer to get this working. Does something need to be restarted on the AVI controller or in the UI?

0 Karma

New Member

Here are nmap results from the Splunk server.

Starting Nmap 6.40 ( ) at 2020-03-18 02:24 UTC
Nmap scan report for (
Host is up (0.00033s latency).
Not shown: 1951 closed ports, 42 open|filtered ports
22/tcp open ssh
80/tcp open http
443/tcp open https
5054/tcp open rlm-admin
8443/tcp open https-alt
123/udp open ntp
161/udp open snmp
MAC Address: 0E:A0:18:4C:8E:C9 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see ).
TCP/IP fingerprint:

0 Karma