All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why would the source type cisco:ios not be getting created? Can I add it manually?

QHGC
New Member
‎01-15-2015 08:59 PM

complete Splunk noob
Just installed a fresh splunk-6.2.1-245427-x64-release on a Win2012 GUI box and installed:
Cisco Networks (cisco_ios) 2.1.1
Cisco Networks Add-on (TA-cisco_ios) 2.1.0

When I try to configure as per the instructions:
Syslog input: Enable a UDP input with a custom port number on your Splunk forwarder or Splunk indexer. Set the sourcetype to cisco:ios or syslog
I dont get the cisco:ios option as a source type; the only cisco item is cisco:asa

Any ideas why this would happen and how to resolve it?
Cheers

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎01-15-2015 09:42 PM

If you do this through the web interface of your Splunk Enterprise instance then choose custom sourcetype and then add the string cisco:ios in the input field. Leave source as it is, only modify the sourcetype.

View solution in original post

Reply
Solved! Jump to solution
Solution

mikaelbje
Motivator
‎01-15-2015 09:42 PM

If you do this through the web interface of your Splunk Enterprise instance then choose custom sourcetype and then add the string cisco:ios in the input field. Leave source as it is, only modify the sourcetype.

Reply
Solved! Jump to solution

QHGC
New Member
‎01-15-2015 09:46 PM

Thanks, I did do that but wasn't sure if it would work. Haven't been able to get any data from the switches yet and thought that might be a cause.
Thanks for the info guys 😉

0 Karma
Reply
Solved! Jump to solution

mikaelbje
Motivator
‎01-15-2015 11:03 PM

If you're still not getting any data, check if Splunk is actually listening on the port that you chose with "netstat -an | findstr PORTNUMBER" in the Windows command line.

The next step would be to check your Windows firewall, then any other firewalls in the network.

0 Karma
Reply
Solved! Jump to solution

Lucas_K
Motivator
‎01-15-2015 09:17 PM

I think he means in the inputs on your forwarder set the sourcetype to cisco:ios.

ie. in your inputs.conf on your uf.

[udp://somelisteningport]
disabled = 0
index = cisco
sourcetype = cisco:ios

Reply
Solved! Jump to solution

QHGC
New Member
‎01-15-2015 09:38 PM

But I'm not using a forwarder, single server instance.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...