Which addon to install to onboard Cisco Catalyst 8500-12x router logs into Splunk?

dm1
Contributor

I need to onboard Cisco Catalyst 8500 router logs into Splunk. When I was looking for addons, I found the below addons that seem relevant:

  1. Cisco Catalyst Add-on for Splunk - This is preferred as it's Cisco built and supported.
    https://splunkbase.splunk.com/app/7538
  2. Then there is this addon Add-on for Cisco Network Data - https://splunkbase.splunk.com/app/1467, but it is unsupported.

The instructions in the Cisco built addon are not very clear on how to onboard the router logs. 

Can someone please help?

0 Karma

gcusello
SplunkTrust

Hi @dm1 ,

Until today, I always used the second one in many hundreds of projects without any issue.

The fact that it isn't unsupported is news to me, but it was probably an oversight of mine.

The first one is Cisco supported so you could use it.

About instructions for ingestion, I'm not a network specialist, but Catalysts, like other network appliances, should send their logs by syslog, so you can directly receive syslogs using Splunk, on a Heavy Forwarder, or (better) by creating an rsyslog input that writes the syslogs to a file that is read by Splunk.

Ciao.

Giuseppe

0 Karma
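
The rsyslog-to-file approach described in the answer above, as an added example that is not part of the original posts or of either add-on's documentation. The file paths, port 514, the `splunk` account, the `network` index and the `cisco:ios` sourcetype are assumptions; confirm the sourcetype against the documentation of the add-on you install.

```conf
# /etc/rsyslog.d/30-cisco.conf  (hypothetical file name)
# Receive syslog from the routers and write one file per sending device.

module(load="imudp")
module(load="imtcp")

# Build the path from the sender's IP address, not from the hostname field
# inside the message: the hostname is sender-controlled and could otherwise
# be used to steer writes to unexpected paths.
template(name="CiscoPerHost" type="string"
         string="/var/log/remote/cisco/%fromhost-ip%/syslog.log")

ruleset(name="cisco_remote") {
    action(type="omfile"
           dynaFile="CiscoPerHost"
           createDirs="on"
           dirCreateMode="0750"
           fileCreateMode="0640"
           dirOwner="splunk"  dirGroup="splunk"    # assumed Splunk service account
           fileOwner="splunk" fileGroup="splunk")
    stop    # keep router messages out of the local system logs
}

# Bind the listeners to the dedicated ruleset so only remote traffic lands here.
input(type="imudp" port="514" ruleset="cisco_remote")
input(type="imtcp" port="514" ruleset="cisco_remote")

# ---------------------------------------------------------------------------
# Matching Splunk monitor input, placed in inputs.conf on the Universal or
# Heavy Forwarder running on the same host (shown commented out because it
# belongs in a separate file):
#
# [monitor:///var/log/remote/cisco/*/syslog.log]
# sourcetype = cisco:ios      # assumption: verify for your add-on
# index = network             # assumed index name
# host_segment = 5            # 5th path segment is the device IP directory
# disabled = false
```

Restrict port 514 at the host firewall to the routers' management addresses, and add log rotation for `/var/log/remote/cisco/` so the files do not fill the disk.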