Hi,
We would like our IOS-XR commits to be sent to Splunk; however, we have been informed that it is not possible for Splunk to extract the data from the XR commit database. Consequently, we have written an EEM/TCL script that runs a show configuration commit automatically once an admin commits a change. We can see the output on the local device, but it is not sent to Splunk; every other log is received, though.
This is the local device
RP/0/RSP0/CPU0:Aug 11 14:41:38.436 : tclsh[65916]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : commit_syslog.tcl: show config commit changes 1000000304
RP/0/RSP0/CPU0:Aug 11 14:41:38.438 : tclsh[65916]: Tue Aug 11 14:41:37.554 GMT
RP/0/RSP0/CPU0:Aug 11 14:41:38.438 : tclsh[65916]: Building configuration...
RP/0/RSP0/CPU0:Aug 11 14:41:38.439 : tclsh[65916]: !! IOS XR Configuration 5.3.4
RP/0/RSP0/CPU0:Aug 11 14:41:38.440 : tclsh[65916]: interface TenGigE0/0/0/3
RP/0/RSP0/CPU0:Aug 11 14:41:38.440 : tclsh[65916]: description TESTING CONFIG CHANGES
RP/0/RSP0/CPU0:Aug 11 14:41:38.441 : tclsh[65916]: !
RP/0/RSP0/CPU0:Aug 11 14:41:38.441 : tclsh[65916]: end
RP/0/RSP0/CPU0:Aug 11 14:41:38.443 : tclsh[65916]: RP/0/RSP0/CPU0:LAB-BBR-1#
This is what Splunk shows
Any help would be much appreciated.
The output appears to be Syslog.
Syslog can be read in Splunk & you might want to check here.
https://www.splunk.com/en_us/blog/tips-and-tricks/using-syslog-ng-with-splunk.html
Or could you export those configurations to a file on some node and then read them there with a UF? That is probably an easier and reliable way unless you already have a working centralized syslog server running.
r. Ismo
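Whichever transport ends up carrying the EEM output, it arrives as one syslog line per configuration line. The following is an added example, not part of the thread: a Python sketch that regroups lines shaped like the ones in the question into one event per commit and flags a commit whose closing "end" line never arrived. The function name, field names and the assumption that the collector keeps the line format shown above are all hypothetical.

```python
import re

# Constructed sample: the device output from the question, one syslog line each.
SAMPLE = """\
RP/0/RSP0/CPU0:Aug 11 14:41:38.436 : tclsh[65916]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : commit_syslog.tcl: show config commit changes 1000000304
RP/0/RSP0/CPU0:Aug 11 14:41:38.438 : tclsh[65916]: Tue Aug 11 14:41:37.554 GMT
RP/0/RSP0/CPU0:Aug 11 14:41:38.438 : tclsh[65916]: Building configuration...
RP/0/RSP0/CPU0:Aug 11 14:41:38.439 : tclsh[65916]: !! IOS XR Configuration 5.3.4
RP/0/RSP0/CPU0:Aug 11 14:41:38.440 : tclsh[65916]: interface TenGigE0/0/0/3
RP/0/RSP0/CPU0:Aug 11 14:41:38.440 : tclsh[65916]: description TESTING CONFIG CHANGES
RP/0/RSP0/CPU0:Aug 11 14:41:38.441 : tclsh[65916]: !
RP/0/RSP0/CPU0:Aug 11 14:41:38.441 : tclsh[65916]: end
RP/0/RSP0/CPU0:Aug 11 14:41:38.443 : tclsh[65916]: RP/0/RSP0/CPU0:LAB-BBR-1#
"""

# node:timestamp : tclsh[pid]: message
LINE = re.compile(r"^(?P<node>\S+?):(?P<ts>\w{3} +\d+ [\d:.]+) : "
                  r"tclsh\[(?P<pid>\d+)\]: ?(?P<msg>.*)$")
START = re.compile(r"show config commit changes (\d+)")
BANNER = "!! IOS XR Configuration"

def group_commits(text):
    """Return one dict per commit; 'complete' is False if 'end' was never seen."""
    pending, events = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not tclsh/EEM output
        pid, msg = m["pid"], m["msg"].rstrip()
        start = START.search(msg)
        if start:
            if pid in pending:            # earlier commit never closed
                events.append(pending.pop(pid))
            pending[pid] = {"commit_id": start[1], "node": m["node"],
                            "time": m["ts"], "config": [],
                            "banner_seen": False, "complete": False}
        elif pid in pending:
            ev = pending[pid]
            if msg.startswith(BANNER):
                ev["banner_seen"] = True  # config lines follow the banner
            elif msg == "end" and ev["banner_seen"]:
                ev["complete"] = True
                events.append(pending.pop(pid))
            elif ev["banner_seen"]:
                ev["config"].append(msg)
    events.extend(pending.values())       # truncated commits, e.g. lost lines
    return events

if __name__ == "__main__":
    for event in group_commits(SAMPLE):
        print(event)
```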