Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I get data from my Cisco switch into Splunk?

jasonpoth
New Member
‎06-10-2016 06:58 AM

I am new to Splunk. I have set it up on my server, set up an indexer, and set up the logging in my switch, but I have no data. I do not see the option for Cisco:ios. How do you install the technology plugin?

0 Karma
Reply

shaskell_splunk
Splunk Employee
Splunk Employee
‎06-10-2016 09:28 AM

The best practice is to use a syslog aggregation tier and then use the Universal Forwarder on top of your syslog server(s). This gives you the most reliability, auto-load balances the data if you have a distributed setup and will not cause data loss if you need to re-start your Splunk infrastructure. I highly recommend you go this route.

If you don't have syslog servers then you can syslog directly to Splunk.

http://docs.splunk.com/Documentation/Splunk/6.4.1/Data/Monitornetworkports
http://docs.splunk.com/Documentation/Splunk/6.4.1/Data/HowSplunkEnterprisehandlessyslogdata

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...