I am not seeing results in dashboards for cisco networks. Do we need to configure something on router/n/w devices?

yanivdutt
Explorer

index=network_syslog sourcetype=syslog results are displayed

index=network_syslog sourcetype=syslog eventtype="cisco_ios-ipsla" | eval state=case(state_to == "Up", 1, state_to == "Down", -1) | strcat dvc " " ip_sla_id dvc_ip_sla_id | timechart avg(state) AS state BY dvc_ip_sla_id | fillnull value=0    no results found

Do we need to configure anything on routers or network devices?

0 Karma
1 Solution

Simeon
Splunk Employee

To begin collecting data from Cisco devices, you must minimally enable a network input to receive data and configure the Cisco device to send syslog to the Splunk instance (or forwarder). If you are using the Cisco Security Suite, there are detailed instructions on how to turn on data for the Cisco devices in addition to enabling Splunk to receive and recognize the data.
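The minimum setup described in the answer above, as an added example that is not part of the original post: a Splunk network input plus the matching device-side syslog commands. UDP port 514, the file location, and the 192.0.2.x addresses are assumptions or placeholders; the index and sourcetype are the ones used in the question's searches.

```ini
# Added example, not from the thread. Assumed location:
# $SPLUNK_HOME/etc/system/local/inputs.conf on the Splunk instance or
# forwarder that receives the syslog traffic.

# UDP 514 is an assumption (the usual syslog port). Binding a port below
# 1024 on Linux requires Splunk to run with the privilege to do so.
[udp://514]
# Index and sourcetype as used in the searches in the question.
index = network_syslog
sourcetype = syslog
# Record the sender's IP address as the host field (no reverse DNS lookup).
connection_host = ip
# Keep the device's own syslog header; do not prepend a timestamp and host.
no_appending_timestamp = true
# UDP syslog is unauthenticated, so accept it only from the management
# network of the devices. 192.0.2.0/24 is a placeholder range.
acceptFrom = 192.0.2.0/24

# Cisco IOS side, shown as comments because it is device configuration,
# not inputs.conf. 192.0.2.10 is a placeholder for the receiving Splunk
# instance or forwarder.
#   service timestamps log datetime msec localtime show-timezone
#   logging host 192.0.2.10
#   logging trap informational
```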

Richfez
SplunkTrust

If you run index=network_syslog sourcetype=syslog can you confirm that "eventtype" is indeed being set and that at least some of them are set to "cisco_ios-ipsla"?

0 Karma

yanivdutt
Explorer

Nope, I don't see any events with cisco_ios*
I was asked to install the Cisco add-on app on the indexers, which I am yet to do. Will keep you posted if the results change after doing it.

0 Karma

satishsdange
Builder
0 Karma