All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cisco IOS app: Why aren't any data or devices displayed?

vitasliu
New Member
‎08-18-2014 06:52 AM

hi, i have installed the cisco ios app and TA-cisco_ios on the index server and search server. Now i can receive some messages in the search head come from switch just like "Aug 18 20:39:51 172.16.50.254 222176: Aug 18 20:39:49: %MAC_MOVE-SW1_SP-4-NOTIF: Host f8bc.123b.5e74 in vlan 23 is flapping between port Po85 and port Po84", but the cisco ios app doesn't see any content to display. My index server and search server is splunk 6.0. Is there anything wrong with my configuration?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎08-18-2014 09:58 PM

Hi,

The latest version of the app relies heavily on the latest features of Splunk Data Models and requires Splunk 6.1 to show data in the initial overview page as well as a few other views. I'd suggest that you upgrade your search head to Splunk 6.1.3 and see if that helps.

Please rate my answer if it was helpful.

Regards,

Mikael

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎08-18-2014 09:58 PM

Hi,

The latest version of the app relies heavily on the latest features of Splunk Data Models and requires Splunk 6.1 to show data in the initial overview page as well as a few other views. I'd suggest that you upgrade your search head to Splunk 6.1.3 and see if that helps.

Please rate my answer if it was helpful.

Regards,

Mikael

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎08-20-2014 06:48 AM

I found the error!

I had an extraction for MACFLAP_NOTIF, but not for NOTIF. I fixed this up and also added mnemonic=NOTIF to the eventtype. Since a lot of the logging events vary between platforms it's hard to get correct extractions for all cases.

You can download the latest development version of TA-cisco_ios here:

https://github.com/inspired/TA-cisco_ios

0 Karma
Reply
Solved! Jump to solution

vitasliu
New Member
‎08-19-2014 07:10 PM

of course ,it shows full thing on event atcions that when use search index=* sourcetype=cisco:ios just like severity=medium vendor vendor_recommended action,facility=MAC-MOVE

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎08-19-2014 07:09 AM

Hmm, so when you search for index=* sourcetype=cisco:ios that particular event isn't shown?

0 Karma
Reply
Solved! Jump to solution

vitasliu
New Member
‎08-19-2014 07:05 AM

but mac flapping module still does't display any date when i use last 24hours to search ,i'm sure my switch last day send many flapping messages to splunk server just like "Aug 18 20:39:51 172.16.50.254 222176: Aug 18 20:39:49: %MAC_MOVE-SW1_SP-4-NOTIF: Host f8bc.123b.5e74 in vlan 23 is flapping between port Po85 and port Po84". is there anything i need to notice ?

0 Karma
Reply
Solved! Jump to solution

vitasliu
New Member
‎08-19-2014 07:03 AM

thanks, after upgrade ,it see something in the apps.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top