All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cisco IOS app is not showing any data

zoh
Explorer
‎06-01-2014 11:58 PM

I have data coming in sourcertype "syslog" and i have installed Cisco IOS and Technology add-on however i do not see any data in Cisco IOS application. How to troubleshoot the issue?

Sample log:
Jun 2 11:50:06 10.192.2.4 1203936: 4510-Switch: Jun 2 11:51:22.422: %LINK-3-UPDOWN: Interface GigabitEthernet8/3, changed state to up

0 Karma
Reply

dominik13
Engager
‎11-19-2014 05:11 PM

I'm having the a similar issue.

I have configured 2 source types that are receiving Data:
cisco:asa (udp 5514, used for ASA)
cisco_syslog (udp 514, used for the IOS devices)

I selected these from the drop-downs when I created the listeners (I didn't see 'syslog' in the drop-downs when creating the switch source type).

Since the TA is looking for the 'syslog' source-type, what modifications can I make so that it will find the cisco_syslog sourcetype and convert it?

0 Karma
Reply

mikaelbje
Motivator
‎06-11-2014 02:53 AM

Hi,

  1. The Technology Add-On should transform your "syslog" sourcetype to sourcetype "cisco:ios". You need to make sure the technology add-on is installed on the indexer. If you have a combined search head and indexer you install both the TA and the Cisco IOS app on that server. After you install the TA you need to restart the Splunk indexer
  2. The Cisco IOS app searches the "cisco:ios" sourcetype. It will not display any data for the "syslog" sourcetype.

Please post a screenshot of your results searching for that event. Include the "index" and "sourcetype" fields.

For your reference the sample log you posted matches the regex transform in the TA, which means the transform should work as long as the apps are installed as described in the documentation.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...