Cisco Networks App - Access Points Not Showing

blyons_splunk · ‎09-07-2017

I have switches, WLC and APs sending syslog to rsyslog.

Splunk is monitoring the folders and ingesting data properly (sourcetype for all 3: cisco:ios).

The IOS devices and the WLC are showing up in the overview, but not the APs.

Also, none of the detail dashboards have any info. Any idea what I might be missing?

SergeyMk · ‎06-05-2018

Hello, I don't have any logs seen in Cisco Network. But in simple search engine I see them. Where is a problem?

mikaelbje · ‎09-18-2017

Hi,

Make sure whatever index you are storing your data in is searchable by default. That should sort the issue with no data in the panels.

The app tries to determine if the event is from an IOS, WLC or AP based on the fields it finds. For standalone APs this is based on the ap_mac field. A number of factors may make it hard for the app to determine this correctly as the events are basically the same format regardless of IOS, AP or WLC.

Please post a few raw events and I'll try to spot the issue.

blyons_splunk · ‎09-18-2017

I just verified that the indexes are/were searchable by default.

None of the APs are standalone, though. They are all managed through the WLC.

mikaelbje · ‎09-18-2017

Ok, as far as I remember the AP section only works for standalone APs. Please post a few raw events and I'll check it.

blyons_splunk · ‎09-08-2017

UPDATE:

WAPs are showing up in the IOS section. How does the app determine which is which??

Cisco Networks App - Access Points Not Showing

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM