How to configure Cisco ACI Add-on for Splunk Enter...

FritzWittwer_ol · ‎05-14-2020

I have to deploy the Cisco ACI Add-on for Splunk Enterprise on a heavy forwarder without web interface. How can I configure it with the configuration files, the Readme mentions only the web interface.

Azeemering · ‎05-14-2020

Hi,

First thing I would do is install it on a local Splunk test instance and configure it there. Then after the configuration copy the whole app across to the Heavy Forwarder. This is the route I normally take in these situations.

Else you need to go down the rabbit hole of editing the conf files manually and that might be a big pain.

For example the cisco_aci_server_setup.conf:

[cisco_aci_server_setup_settings]
cisco_aci_host =
cisco_aci_port =
cisco_aci_username =
password =
is_password_authentication = 1
is_remote_user_authentication = 0
remote_user_domain_name =
remote_user_password =
is_cert_authentication = 0
cert_name=
cert_private_key_path=

It contains a password that probably is stored encrypted during the setup. This makes it very hard to manually configure it in the cli.

How to configure Cisco ACI Add-on for Splunk Enterprise with configuration files

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How to configure Cisco ACI Add-on for Splunk Enterprise with configuration files

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem