All Apps and Add-ons

NVM Dashboard - No Results Found

robertturner866
New Member

I've setup Cisco NVM for Splunk exactly as per the comprehensive installation guide on the Cisco website but my NVM Dashboard in Splunk is still showing "No Results Found" for every panel.

I have done/confirmed the following:

  • Created an NVM XML client profile within ASDM on my Anyconnect ASA pointing my clients to a collector server on port 2055

  • Configured the deployment of the NVM module to the end clients via ASDM (which i can confirm is installing on my clients as "Network Visibility" under "Installed Modules" on the Anyconnect information section)

  • Created a Ubuntu collection server using the CiscoNVMCollector_TA zip file, edited the acnvm.conf file to point towards my Splunk Syslog server IP on ports 20519, 20520 and collector port 2055 (defaults) and ran the install.sh script.

  • Confirmed "acnvmcollectord" service is running correctly on collection server after installation and completely turned off the ubuntu firewall

  • Installed the Cisco NVM app on my Splunk server, restarted Splunk service and checked correct ports are setup to listen as per the above configuration (which i knew they were anyway as my other apps work)

AND

  • Ran a wireshark capture on clients and can see IPFIX traffic been sent to my collector server

  • Ran wireshark capture on collector server and can see incoming IPFIX traffic from clients and outgoing SYSLOG traffic forwarded onto Splunk Syslog server

  • Ran wireshark capture on Splunk server and can see incoming SYSLOG traffic from collector server.

All this, and yet my Cisco NVM App dashboard in Splunk still shows "No Results Found"

Im at a complete loss.

0 Karma

nvzFlow
Path Finder

Please confirm that your NVM client is configured to send flows directly to your collector (and not forwarded through some intermediate device). In your Splunk instance, do you see the raw data getting indexed? (From any report, click the magnifying glass to goto raw search)

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...