Re: How to add the data of switches and routers in...

splunkfly · ‎04-11-2016

How to configure adding the data of switches and routers into the Cisco Networks App for Splunk Enterprise?

gmerhej_splunk · ‎04-11-2016

Along with the App, you'll need to install the "Cisco Networks Add-on" and to use the sourcetype cisco:ios for the Syslog data sent from the switches and routers.

splunkfly · ‎04-11-2016

I have logs data stored on Syslog-ng ---->universal forwarder----> splunk Server
I couldn't find the feature sourcetype cisco:ios for the Syslog data sent from the switches and routers.
The Networks App looks great but I Need input the data from syslog server to splunk app, that's the challenging. If you can be help me with bit more information would helps me a lot.

gmerhej_splunk · ‎04-11-2016

You will need to manually define the sourcetype in the inputs.conf under the monitor stanza:

http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/Bypassautomaticsourcetypeassignment

splunkfly · ‎04-13-2016

is this path is correct where inputs.conf file located ?? (Splunk_Home/etc/system/local/inputs.conf)

gmerhej_splunk · ‎04-16-2016

There are many inputs.conf. However, it's better to do the configuration in Splunk_Home/etc/apps/search/local/inputs.conf

How to add the data of switches and routers into the Cisco Networks App for Splunk Enterprise?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup