Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cisco equipement in Splunk

inessa40408
Explorer
‎01-02-2025 06:16 AM

Hello Splunkers 😉

 

Have any of you worked with log files of Cisco equipment:

- AP 9130

- WiFi Controller 9840

 

I am interested in how to add more information to log files.

And also: perhaps someone can share a use case for creating dashboards for this equipment.

 

Thanks in advance for your answers.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-02-2025 07:25 AM

Hi @inessa40408 ,

I cannot help you in Cisco network devices configuration, but in Spunk, you can use  Cisco network Add-On ( https://splunkbase.splunk.com/app/1467 ) to correctly parse the logs.

usually these logs are ingested configuring the Cisco network devices to send their logs to a Splunk receiver using syslog.

To receive syslog, you can use Splunk network inputs ( https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Monitornetworkports ), if you have few logs,

otherwise you should configure an rsyslog receiver that writes logs in files read by Splunk ( https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Data/Monitorfilesanddirectories ).

For the dashboards they depend on what you need to monitor, anyway the Splunk App for Cisco Network Devices could help you: https://splunkbase.splunk.com/app/1352

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-02-2025 07:25 AM

Hi @inessa40408 ,

I cannot help you in Cisco network devices configuration, but in Spunk, you can use  Cisco network Add-On ( https://splunkbase.splunk.com/app/1467 ) to correctly parse the logs.

usually these logs are ingested configuring the Cisco network devices to send their logs to a Splunk receiver using syslog.

To receive syslog, you can use Splunk network inputs ( https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Monitornetworkports ), if you have few logs,

otherwise you should configure an rsyslog receiver that writes logs in files read by Splunk ( https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Data/Monitorfilesanddirectories ).

For the dashboards they depend on what you need to monitor, anyway the Splunk App for Cisco Network Devices could help you: https://splunkbase.splunk.com/app/1352

Ciao.

Giuseppe

Reply
Solved! Jump to solution

inessa40408
Explorer
‎01-07-2025 03:21 AM

Thank you very much for your help! 🙂 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-07-2025 03:55 AM

Hi @inessa40408 ,

good for you, see next time!

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top