All Apps and Add-ons
Highlighted

How do I install the Cisco Networks app and get it up and running?

New Member

How do I install cisco network app and get it up and running?

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Motivator

I suspect you only have a single server Splunk instance. In this case add a new UDP input on port 514 and set sourcetype as "syslog". Leave source blank.

Next step is to install the Cisco Networks app and Cisco Networks add-on. This is done through Apps - Manage apps. The Cisco Networks app contains a Help page with information avout what you should configure on your Cisco devices.

If you need help installing apps in general I would recommend that you consult the Splunk Enterprise documentation at docs.splunk.com.

For distributed environments there are various ways you can collect the logs. I won't get into detail here, but for a best practice configuration you normally receive the logs with a Syslog daemon and forward the logs to your Splunk indexers with a Universal Forwarder. A Splunk consultant can help you get this set up properly. There's also good examples in the Splunk docs.

Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

New Member

Does this app need smart call home to work?

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Motivator

No, not at all. Smart Call Home is only needed if you want to collect inventory data from your devices. Syslog suffices for most uses.

I'll clarify that in the docs.

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

New Member

ok, i have it installed correctly and udp is open but search data not being populated in the app

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Motivator

What if you do a manual search for:

index=* sourcetype=cisco:ios OR sourcetype=syslog

Do you see any data? Is the sourcetype syslog or cisco:ios? If it's syslog please paste the raw event here for me to see. If it's cisco:ios check the index. If the index is something else than main you need to go to Settings - access controls - roles - user rolec- indexes searched by default - add your index

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

New Member

Hi Mikael,
We have installed this app but not seeing any results on dashboards. I have changed default index=network_syslog to replicate ours.
I have tried running this dashboard searches with our index name and source(syslog) but it doesnot come back with results though we have data for

index=network_syslog sourcetype=syslog results are displayed

index=networksyslog sourcetype=syslog eventtype="ciscoios-ipsla" | eval state=case(stateto == "Up", 1, stateto == "Down", -1) | strcat dvc " " ipslaid dvcipslaid | timechart avg(state) AS state BY dvcipslaid | fillnull value=0 no results founds

Do we need to configure anything on routers or network devices?

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Motivator

Hmm, try not setting source as syslog for your UDP input. Leave source empty. Sourcetype however can be set to syslog. Paste the event's contents as you see it in Splunk. Also let me know the sourcetype and source it shows up with. I'll run that through a regex match to check what's wrong.

Another trick might be to set:

no_appending_timestamp = true

For the UDP input. You'll have to do that in the config files though.

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Explorer

I have tried this settings but it does not work.
We have all our network devices sending logs to syslog-ng server(forwarder installed) from where logs are sent to Splunk indexers.
Do we need to do something on network devices to make this app work or above mechanism works?
can you please provide any documention for forwarders configurations to make this app work

0 Karma
Highlighted

Re: How do I install the Cisco Networks app and get it up and running?

Motivator

I asked for an example log. If you could please provide one I am more than willing to help you.

Did you also install the Cisco Networks Add-on on your indexer? You need the add-on on your indexers. On the search head you need both the app and add-on.

0 Karma