All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Cisco IOS app is not showing any data

zoh
Explorer
‎06-01-2014 11:58 PM

I have data coming in sourcertype "syslog" and i have installed Cisco IOS and Technology add-on however i do not see any data in Cisco IOS application. How to troubleshoot the issue?

Sample log:
Jun 2 11:50:06 10.192.2.4 1203936: 4510-Switch: Jun 2 11:51:22.422: %LINK-3-UPDOWN: Interface GigabitEthernet8/3, changed state to up

0 Karma
Reply

dominik13
Engager
‎11-19-2014 05:11 PM

I'm having the a similar issue.

I have configured 2 source types that are receiving Data:
cisco:asa (udp 5514, used for ASA)
cisco_syslog (udp 514, used for the IOS devices)

I selected these from the drop-downs when I created the listeners (I didn't see 'syslog' in the drop-downs when creating the switch source type).

Since the TA is looking for the 'syslog' source-type, what modifications can I make so that it will find the cisco_syslog sourcetype and convert it?

0 Karma
Reply

mikaelbje
Motivator
‎06-11-2014 02:53 AM

Hi,

  1. The Technology Add-On should transform your "syslog" sourcetype to sourcetype "cisco:ios". You need to make sure the technology add-on is installed on the indexer. If you have a combined search head and indexer you install both the TA and the Cisco IOS app on that server. After you install the TA you need to restart the Splunk indexer
  2. The Cisco IOS app searches the "cisco:ios" sourcetype. It will not display any data for the "syslog" sourcetype.

Please post a screenshot of your results searching for that event. Include the "index" and "sourcetype" fields.

For your reference the sample log you posted matches the regex transform in the TA, which means the transform should work as long as the apps are installed as described in the documentation.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...