All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the Cisco Networks App for Splunk Enterprise not parsing data?

pierrejordonnel
Explorer
‎07-28-2015 06:27 AM

Maybe someone can help me with this. I followed the instructions and changed my sourcetype to syslog since I do not have any sourcetype built for cisco:ios. I have yet to see any data even though I have tons of data coming in. Can anyone please help me figure out what I'm currently doing wrong?

Any and all help is appreciated

--Pierré

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎07-28-2015 07:38 AM

Hi,

  1. Do you see anything if you try this search: index=* sourcetype=cisco:ios . If so, change your permissions to search whatever index you put your data in to be searched by default
  2. Did you install both the app and the add-on on the search head? Add-on on the indexer
  3. Can you provide me with some log samples of the raw data as you see it in Splunk in the current syslog sourcetype?

View solution in original post

Reply
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎07-28-2015 07:38 AM

Hi,

  1. Do you see anything if you try this search: index=* sourcetype=cisco:ios . If so, change your permissions to search whatever index you put your data in to be searched by default
  2. Did you install both the app and the add-on on the search head? Add-on on the indexer
  3. Can you provide me with some log samples of the raw data as you see it in Splunk in the current syslog sourcetype?
Reply
Solved! Jump to solution

pierrejordonnel
Explorer
‎07-28-2015 09:08 AM

It started to pick up information in the sourcetype=cisco:ios. I think I figured out the issue. I thought that there was no add-on due to only reading the title. I have added the add-on and that fixed it. Thanks for responding to me so quickly Mike.

Reply
Solved! Jump to solution

mikaelbje
Motivator
‎07-28-2015 10:35 AM

Great! No problem 🙂 I'd be happy if you could give the app and add-on a rating after you've tried them out for a while 🙂

0 Karma
Reply
Solved! Jump to solution

pierrejordonnel
Explorer
‎07-28-2015 08:38 AM

It looks like it started to pull data after I restarted the splunk search head. It apparently only see's port flappings but not unique devices and other issues that are probably being reported by my cisco devices.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...