All Apps and Add-ons

How to troubleshoot why no data is populating in the Cisco Networks App for Splunk Enterprise?


I have installed a Cisco Networks App for Splunk Enterprise in order to monitor the Cisco devices. However, I installed everything (Apps in Search Head and add-ons in both SH and indexers), but no result could be seen in the app dashboards. Anyone can help?

0 Karma

Splunk Employee
Splunk Employee

First, make sure your Cisco data is getting to your indexers... Go to the search screen and run "index=. If this does not return results, check your inputs.conf where this TA was installed on your forwarder.

Second (if you are getting Cisco data to your indexer(s), go to Settings -> Access Controls -> Roles and then select the role assigned to the user you have having this issue with. Under the "Indexes searched by default" and "Indexes" sections at the bottom of this screen, either add the Cisco specific indexes to the "selected" columns or just add "All non-internal indexes" to both columns. The app performs searches on the sourcetypes from the TA's and needs access to the indexes by default, so if the app doesn't have default search access to the indexes, there will be no results found/returned for the dashboards.

Hope this helps...

0 Karma

Path Finder

Are you pointing your syslogs at it?

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...