All Apps and Add-ons

Cisco Networks Add-on warning in splunkd.log

TonyLeeVT
Builder

There is a very noisy warning generated from Cisco Networks Add-on found in splunkd.log

SearchResults - Corrupt csv header in /opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv, contains empty value (col #2)

This is caused by a comma at the end of the file (/opt/splunk/etc/apps/TA-cisco_ios/lookups/cisco_ios_acl_excluded_ips.csv):

src_ip,
127.0.0.1,

This is probably a setup issue on our end, but is it possible to ship the TA without the commas at the end?

yannK
Splunk Employee
Splunk Employee

The format lookup csv file shipped with the app is invalid. (it has one empty column)

Until the app is fixed, a simple workaorund method to export the lookup, and save it back in the proper format :

| inputlookup cisco_ios_acl_excluded_ips.csv | outputlookup cisco_ios_acl_excluded_ips.csv

mikaelbje
Motivator

Fixed in my git repo available at github.com/inspired/TA-cisco_ios

Just use the TA from that URL.

This file is actually supposed to be edited for your environment in case you want to exclude particular IP ranges (internal ones in particular) from being shown in one of the dashboards.

On holidays currently so no time to create a new release.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...