Re: Cisco Networks Add-on warning in splunkd.log

TonyLeeVT · ‎03-10-2016

There is a very noisy warning generated from Cisco Networks Add-on found in splunkd.log

SearchResults - Corrupt csv header in /opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv, contains empty value (col #2)

This is caused by a comma at the end of the file (/opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv):

src_ip,
127.0.0.1,

This is probably a setup issue on our end, but is it possible to ship the TA without the commas at the end?

yannK · ‎10-20-2016

The format lookup csv file shipped with the app is invalid. (it has one empty column)

Until the app is fixed, a simple workaorund method to export the lookup, and save it back in the proper format :

| inputlookup cisco_ios_acl_excluded_ips.csv | outputlookup cisco_ios_acl_excluded_ips.csv

mikaelbje · ‎03-15-2016

Fixed in my git repo available at github.com/inspired/TA-cisco_ios

Just use the TA from that URL.

This file is actually supposed to be edited for your environment in case you want to exclude particular IP ranges (internal ones in particular) from being shown in one of the dashboards.

On holidays currently so no time to create a new release.

Cisco Networks Add-on warning in splunkd.log

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Join the Conversation

Cisco Networks Add-on warning in splunkd.log

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4