Could someone help me find an app for Splunk that ...

melarnell · ‎09-13-2022

Hello everyone,

I was curious if someone could help me finding an app for splunk that will provide syslogs of my cisco network gear? (IE if someone changes a vlan or shuts a port) I can look up their user name or switch name, and it will provide me the time stamp, command that was ran and who did it

I used this a a prior employer and want to get this implements where I am employed now. This was good when there were outages and no one spoke up, accountability and training.

chaker · ‎09-14-2022

A good idea is to have a test/dev environment, so that you can test the outcome before putting the config into production.

Perhaps the app you are refering to is this one?

https://splunkbase.splunk.com/app/1352/#/overview

You can use a 60day Splunk trial to experiment with the cisco data and apps, or you may also consider applying for a developer license.

https://dev.splunk.com/enterprise/dev_license

chaker · ‎09-13-2022

Have you searched Splunkbase for add-ons to support the equipment in question?

https://splunkbase.splunk.com/apps/#/search/cisco/product/all

Here is the ASA addon for example, which will normalize change events

https://docs.splunk.com/Documentation/AddOns/released/CiscoASA/DataTypes

https://splunkbase.splunk.com/app/1620/#/details

melarnell · ‎09-14-2022

@chaker I did look though the product page, but not sure which Cisco one has the feature I am looking for. There are a few and I don't want to provide the team at my company to try each app until we get the right one, if it can be avoided.

Could someone help me find an app for Splunk that will provide syslogs of my Cisco network gear?

dashboard

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms