Splunk Cisco Networks App not displaying results

coffeetech · ‎02-08-2019

I have installed the Cisco network app version 2.5.6 and the additional Cisco add-on in splunk, and it's failing to show any results. I am receiving syslogs from the cisco switches via the results query tab, but when I the click the separate"cisco networks" tab in the left side of the splunk application and go inside it, there is nothing to show. All of the columns show this error;

                   Error in 'TsidxStats': WHERE clause is not an exact query

Don't really know what this means or how I am suppose to fix this issue. Any help would be appreciate. Thank you.

vinod94 · ‎02-12-2019

Hi @coffeetech ,

Have you tried rebuilding the data model? if not, you can try so.

Go to settings>under Knowledge - Data models . Search for Cisco_ios_event. Expand (>)and you will see an update and rebuild option.

If it still doesn't work, you can try this - try mentioning the index name(your index) if its not present in the eventtypes and macros.

Splunk Cisco Networks App not displaying results

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!

Are you a member of the Splunk Community?

Splunk Cisco Networks App not displaying results

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!