I have installed "Cisco Networks Add-on for Splunk Enterprise" on my splunk enterprise server.
I able to get the data from cisco device on UDP:514 with sourcetype=cisco:ios.
Please help me how to configure this app produce dashboard of that data on this app. Does this app have any default dashboards/reports.
Am not sure if my configuration is wrong or this app/addon itself doesn't have any prebuilt dashboard/reports.
The Cisco Networks Add-on (TA-cisco_ios) does not need any special configuration setup. You only need to set the correct source types i.e. cisco:ios for networking devices, such as routers and switches and WLC. The Cisco Networks App for Splunk Enterprise also does not require much of setup.
The Cisco Networks App for Splunk Enterprise comes with few pre-built dashboards and reports. You only need to make sure the data is indexed correctly with the correct source type and the user has correct permissions.
I am noting a few points that you can check :
Settings>> Access Controls >> Roles >> 'select role' >> Indexes searched by default.
Hope this Helps.
The app name looks very strange. Are you sure you installed it correctly? If it was installed correctly you should get to an overview page with a summary of the events from your Cisco network infrastructure. Have a look in the Splunk app install folder under etc/apps and check if anything looks strange compared to other apps
Yes.. There was some configuration issue when upload on web. Unzipped and copied to apps directory manually and it worked like a charm. I have kept source type as cisco:ios.