Why would the source type cisco:ios not be getting created? Can I add it manually?

QHGC
New Member

complete Splunk noob
Just installed a fresh splunk-6.2.1-245427-x64-release on a Win2012 GUI box and installed:
Cisco Networks (cisco_ios) 2.1.1
Cisco Networks Add-on (TA-cisco_ios) 2.1.0

When I try to configure as per the instructions:
Syslog input: Enable a UDP input with a custom port number on your Splunk forwarder or Splunk indexer. Set the sourcetype to cisco:ios or syslog
I don't get the cisco:ios option as a source type; the only Cisco item is cisco:asa

Any ideas why this would happen and how to resolve it?
Cheers

1 Solution

mikaelbje
Motivator

If you do this through the web interface of your Splunk Enterprise instance then choose custom sourcetype and then add the string cisco:ios in the input field. Leave source as it is, only modify the sourcetype.

QHGC
New Member

Thanks, I did do that but wasn't sure if it would work. Haven't been able to get any data from the switches yet and thought that might be a cause.
Thanks for the info guys 😉

mikaelbje
Motivator

If you're still not getting any data, check if Splunk is actually listening on the port that you chose with "netstat -an | findstr PORTNUMBER" in the Windows command line.

The next step would be to check your Windows firewall, then any other firewalls in the network.

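The two checks described above (listener, then Windows firewall), followed by a loopback test message, as an added PowerShell example that is not part of the original thread. The port 5514, the parameter names and the sample IOS log line are constructed assumptions; substitute the port you configured on the UDP input.

```powershell
# Added example, run on the Splunk server in an elevated PowerShell session.
param(
    [int]$Port = 5514,                  # assumed custom UDP port of the Splunk input
    [string]$SplunkHost = '127.0.0.1'   # loopback: tests the listener, not the network path
)

# 1. Is anything bound to the UDP port? Same question as "netstat -an | findstr PORTNUMBER".
$endpoints = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
if ($endpoints) {
    $endpoints | Select-Object LocalAddress, LocalPort
} else {
    Write-Warning "Nothing is listening on UDP $Port; check that the Splunk UDP input is enabled."
}

# 2. Is there an enabled inbound allow rule that names this port?
#    Only rules listing the port exactly are matched; rules using 'Any' or a range are not.
$rules = Get-NetFirewallPortFilter -Protocol UDP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
if ($rules) {
    $rules | Select-Object DisplayName, Profile
} else {
    Write-Warning "No enabled inbound allow rule names UDP $Port; the switches may be blocked."
}

# 3. Send one constructed IOS-style syslog line (priority 189 = local7.notice).
$msg   = '<189>45: *Mar  1 00:01:02.123: %SYS-5-CONFIG_I: Configured from console by console'
$bytes = [System.Text.Encoding]::ASCII.GetBytes($msg)
$udp   = New-Object System.Net.Sockets.UdpClient
try {
    [void]$udp.Send($bytes, $bytes.Length, $SplunkHost, $Port)
    "Sent test event to ${SplunkHost}:$Port; search for sourcetype=cisco:ios to confirm it was indexed."
} finally {
    $udp.Close()
}
```

If the loopback event is indexed but nothing arrives from the switches, the input itself is working and the remaining suspects are the firewalls and the logging configuration on the devices.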

Lucas_K
Motivator

I think he means in the inputs on your forwarder set the sourcetype to cisco:ios.

i.e. in your inputs.conf on your UF.

[udp://somelisteningport]
disabled = 0
index = cisco
sourcetype = cisco:ios

QHGC
New Member

But I'm not using a forwarder, single server instance.
