NVM Dashboard - No Results Found

robertturner866
New Member

I've set up Cisco NVM for Splunk exactly as per the comprehensive installation guide on the Cisco website, but my NVM Dashboard in Splunk is still showing "No Results Found" for every panel.

I have done/confirmed the following:

  • Created an NVM XML client profile within ASDM on my AnyConnect ASA pointing my clients to a collector server on port 2055

  • Configured the deployment of the NVM module to the end clients via ASDM (which I can confirm is installing on my clients as "Network Visibility" under "Installed Modules" on the AnyConnect information section)

  • Created an Ubuntu collection server using the CiscoNVMCollector_TA zip file, edited the acnvm.conf file to point towards my Splunk Syslog server IP on ports 20519, 20520 and collector port 2055 (defaults) and ran the install.sh script.

  • Confirmed "acnvmcollectord" service is running correctly on collection server after installation and completely turned off the Ubuntu firewall

  • Installed the Cisco NVM app on my Splunk server, restarted Splunk service and checked correct ports are set up to listen as per the above configuration (which I knew they were anyway as my other apps work)

AND

  • Ran a Wireshark capture on clients and can see IPFIX traffic being sent to my collector server

  • Ran Wireshark capture on collector server and can see incoming IPFIX traffic from clients and outgoing SYSLOG traffic forwarded on to Splunk Syslog server

  • Ran Wireshark capture on Splunk server and can see incoming SYSLOG traffic from collector server.

All this, and yet my Cisco NVM App dashboard in Splunk still shows "No Results Found".

I'm at a complete loss.

0 Karma

nvzFlow
Path Finder

Please confirm that your NVM client is configured to send flows directly to your collector (and not forwarded through some intermediate device). In your Splunk instance, do you see the raw data getting indexed? (From any report, click the magnifying glass to go to raw search.)

0 Karma