This works very well for me on an RT-AC87U router but after many tweaks. Usually the tweak was simply forcing the sourcetype=asus. I am impressed by your query abilities. I only had to launch a panel's query to figure out how to tweak the XML for my particular environment. I then customized the IPTables running config on the stock ASUS IOS to log OUTPUT events.
Thanks for all your hard work,
Can you add instructions or specifics on HOW you "customized the IPTables running config on the stock ASUS IOS to log OUTPUT events"?
Please and thank you.
I have successfully configured everything within the Splunk Home app and my Asus RT-AC3200 router to receive the default system logs and errors. I have even SSH'd into the router and enabled debugging level logging 7. But I am not receiving any of the Statistics or Traffic Monitoring data from the Traffic Analyzer tab within the stock firmware on the Asus router. I'm on Firmware Version: 22.214.171.124.380_7743
I can help you out, just send me some sample data and we can work out any issues you might be having. I've been working on some tweaks of my own to help simplify the on-boarding process along with a video on getting the data into the app. I made some assumptions on how people set up their home networks and what I did was look at the hostname of the router and base the source type on that name. For example, if your router is named asus.homenetwork.com, and you sent your data in via syslog, it would automatically source type it from syslog to asus.
Let me know if you need any additional help.
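
The hostname-based source typing described in the reply above can be expressed as a Splunk index-time override. This is an added example, not the app's own configuration: the stanza name `set_sourcetype_asus` and the transform class name are hypothetical, and it assumes the router's events arrive with sourcetype `syslog` and a host value beginning with `asus.`.

```ini
# props.conf (on the indexer or heavy forwarder that parses the data)
# Assumption: the router's events come in with sourcetype "syslog".
[syslog]
# Hypothetical class and stanza names; any unique names work.
TRANSFORMS-asus_sourcetype = set_sourcetype_asus

# transforms.conf
[set_sourcetype_asus]
# Match on the host metadata field. Its value carries a "host::" prefix.
SOURCE_KEY = MetaData:Host
# Assumption: the router's hostname starts with "asus.",
# for example asus.homenetwork.com as in the reply above.
REGEX = ^host::asus\.
# Rewrite the sourcetype for matching events only.
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::asus
```

Events from hosts that do not match the regex keep sourcetype `syslog`, which is why a router with a different hostname needs the sourcetype forced by hand.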