In the Cisco Networks App for Splunk Enterprise ap...

haddad · ‎08-07-2018

Hi

This is our issue :

We have two different groups : Datacenter and Backbone and each have their own cisco devices and they are sending their syslog to splunk. We decided to differentiate the log like this : Datacenter sends the log to UDP 514 and Backbone sends it to UDP 515 and each group has their own index and the logs of these groups will reside in different indexes.

Now the problem is the Cisco App that I found in splunk base. This is a great app and we want to use this for these two groups and access them to monitor their devices without access to other group devices.

How can we do this (two different groups and two different indexes)?

ckp123 · ‎04-08-2019

try to map each source (source="udp:514" & source="udp:515") with different index and set the permissions to respective groups. Ensure to update the index field on all the dashboard/reports/alert etc.. on the app.

mikaelbje · ‎01-07-2019

You can in fact do this with the app if you use the companion "multi tenancy" add-on. It comes with a charge. Let me know if you are interested. The add-on will let you define a set of indexes per Splunk role and change views depending on your permissions (honoring the indexes you are allowed to see)

FritzWittwer_ol · ‎08-08-2018

You have to check it, the app seems not to use certain index names but only the sourcetypes cisco:ios and Cisco:SmartCallHome. So if you set the permissions so each group of users only sees 'their' index, it should work as you need it.

FritzWittwer_ol · ‎08-08-2018

which one of the 57 Cisco apps are you using?

haddad · ‎08-08-2018

sorry !
this app :
https://splunkbase.splunk.com/app/1352/

In the Cisco Networks App for Splunk Enterprise app how to give access to different groups and not have them see the others devices?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!