Getting Data In

Cisco Apps

aalaa
Path Finder

Hello ,

Have you any suggestions for cisco apps to monitor events cisco routers and switches ?

Ps:
I installed the application cisco networks but the dahsboard not all functional

Tags (2)

eliasit
Path Finder

I had the same problem with the Cisco Security Suite. (https://splunkbase.splunk.com/app/525/)

Everything was installed and setup correctly but the dashboards always said "No results" or "No data". I found a fix for it when looking into why the "Data Summary" button on the search page was not showing the cisco:asa source type. Long story short, for some searches, not all indexes are included by default. New/created indexes, by default, are not included. So if you followed the Cisco docs and created an index called "asa_syslog" you need to add that index to the default search list. This is also true for other created indexes such as "oswinsec".

This is set in Setting>Access Controls>Roles. Select the role that your user belongs to, in my case admin, then click the "Indexes" tab. Enable both the "Included" and "Default" checkboxes for the index to make it searchable by default. After I added the index I went back to Cisco Security Suite and the dashboards populated immediately.

0 Karma

adonio
Ultra Champion

the Cisco Network app and the relevant TA works beautifully in dozens of environments i worked on
https://splunkbase.splunk.com/app/1467/
https://splunkbase.splunk.com/app/1352/
@aalaa if there is something you cant figure out, please elaborate so we can better assist you

0 Karma

MoniM
Communicator

Hi @aalaa ,
Can you confirm if you have installed Cisco Networks Add-on for Splunk Enterprise also?
Here is the link to download it:- https://splunkbase.splunk.com/app/1467/

Thanks.

0 Karma

aalaa
Path Finder

@MoniM yes i do but same result

0 Karma

molinarf
Communicator

Can you attach a screenshot of what you are of the dashboard?
Try going to Search and Reporting, then clicking on data summary to see if your devices are sending syslog data. If you see the device IP address or hostname, click on it and then see what kind of source or sourcetype information you are getting. You should see udp:514 or whatever port you have configured for your network devices to send syslogs to.

0 Karma

p_gurav
Champion

Did you install Cisco Networks Add-on? Is your splunk environment distributed or single instance?

0 Karma

aalaa
Path Finder

Yes i do , i install it in the indexer

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...