There is a very noisy warning generated from Cisco Networks Add-on found in splunkd.log
SearchResults - Corrupt csv header in /opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv, contains empty value (col #2)
This is caused by a comma at the end of the file (/opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv):
This is probably a setup issue on our end, but is it possible to ship the TA without the commas at the end?
The format lookup csv file shipped with the app is invalid. (it has one empty column)
Until the app is fixed, a simple workaorund method to export the lookup, and save it back in the proper format :
| inputlookup cisco_ios_acl_excluded_ips.csv | outputlookup cisco_ios_acl_excluded_ips.csv
Fixed in my git repo available at github.com/inspired/TA-cisco_ios
Just use the TA from that URL.
This file is actually supposed to be edited for your environment in case you want to exclude particular IP ranges (internal ones in particular) from being shown in one of the dashboards.
On holidays currently so no time to create a new release.