Hi, I have installed the Cisco IOS app and TA-cisco_ios on the index server and search server. Now I can receive some messages in the search head that come from the switch, just like "Aug 18 20:39:51 172.16.50.254 222176: Aug 18 20:39:49: %MAC_MOVE-SW1_SP-4-NOTIF: Host f8bc.123b.5e74 in vlan 23 is flapping between port Po85 and port Po84", but the Cisco IOS app doesn't see any content to display. My index server and search server are Splunk 6.0. Is there anything wrong with my configuration?

Hi,
The latest version of the app relies heavily on the latest features of Splunk Data Models and requires Splunk 6.1 to show data in the initial overview page as well as a few other views. I'd suggest that you upgrade your search head to Splunk 6.1.3 and see if that helps.
Please rate my answer if it was helpful.
Regards,
Mikael

I found the error!
I had an extraction for MACFLAP_NOTIF, but not for NOTIF. I fixed this up and also added mnemonic=NOTIF to the eventtype. Since a lot of the logging events vary between platforms it's hard to get correct extractions for all cases.
You can download the latest development version of TA-cisco_ios here:

Of course, it shows the full thing on event actions when I use the search index=* sourcetype=cisco:ios, just like severity=medium vendor vendor_recommended action, facility=MAC-MOVE

Hmm, so when you search for index=* sourcetype=cisco:ios that particular event isn't shown?

But the MAC flapping module still doesn't display any data when I use last 24 hours to search. I'm sure my switch sent many flapping messages to the Splunk server in the last day, just like "Aug 18 20:39:51 172.16.50.254 222176: Aug 18 20:39:49: %MAC_MOVE-SW1_SP-4-NOTIF: Host f8bc.123b.5e74 in vlan 23 is flapping between port Po85 and port Po84". Is there anything I need to notice?

Thanks, after the upgrade, it sees something in the apps.
