Getting Data In

How to set up and add CISCO L3 switches to Splunk ?

New Member


I'm very new to Splunk. My manager gave me a task how to add CISCO L3 switches to Splunk.
My manager said the switches are able to send logs to the syslog, but the syslog server does not save the logs.

Could somebody give me instructions to add CISCO L3 switches to the Splunk ?

Thank you for reading and please help.

0 Karma

Splunk Employee
Splunk Employee

Docs Here.

Splunk Addon for Cisco IOS based devices:

1. Best practice to send syslog to a centralized syslog server. Install a universal forwarder on the syslog server and tail syslog log files.
2. Create an Index to store the data and set Access Control / Retention
3. Any TA's or Splunk Apps you can use? search for cisco.

Hope this helps.

0 Karma
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...