All Apps and Add-ons

Cisco Networks Add-on warning in splunkd.log


There is a very noisy warning generated from Cisco Networks Add-on found in splunkd.log

SearchResults - Corrupt csv header in /opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv, contains empty value (col #2)

This is caused by a comma at the end of the file (/opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv):


This is probably a setup issue on our end, but is it possible to ship the TA without the commas at the end?

Splunk Employee
Splunk Employee

The format lookup csv file shipped with the app is invalid. (it has one empty column)

Until the app is fixed, a simple workaorund method to export the lookup, and save it back in the proper format :

| inputlookup cisco_ios_acl_excluded_ips.csv | outputlookup cisco_ios_acl_excluded_ips.csv


Fixed in my git repo available at

Just use the TA from that URL.

This file is actually supposed to be edited for your environment in case you want to exclude particular IP ranges (internal ones in particular) from being shown in one of the dashboards.

On holidays currently so no time to create a new release.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!