×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mbruce9
Engager
Member since: ‎12-31-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎12-31-2014
View All

Re: Confirming Cisco Networks Apps are working pro...

by in All Apps and Add-ons
‎03-11-2015 11:28 PM
‎03-11-2015 11:28 PM
Firstly thanks for your response. This has taken me longer than I should to acknowledge your assistance and address your points. Call Home - we haven't resolved this and this will be the issue with the site name otherwise it seems good. To your point c) we have done more work to try and answer this. I found this reference on the web which gave some ideas WLC Syslog Analysis In trying to understand what was happening we came up with something similiar as follows: a) Top WLC Syslog Events search string: host="WLC*" message_text="*" |timechart span=30m count(mnemonic) by mnemonic ==> This is similiar to your "Top mnemonics by time" and This gives the stack of syslog events and one can see which of them is most common currently and the abstracted name. The stack is slightly more readable than the chart in my view. In general - for most syslog messages from the WLC - most of these typically look like bugs. (The network / switching layer produces more interesting and actionable messages). - Ideally one would process some of the alarms in the same way to have a more useful Splunk view of all the alarms - but I haven't see any easy way to do this. In theory it is all possible. Other general comments: Switching dashboard / spanning tree and mac flapping. These are good, but we found a graph of when it occurred over time was useful. At a glance when things aren't going well; someone doesn't have to read times and dates, the graph says what is happening (30day default period ) search string: eventtype="cisco_ios-spanning_tree" | timechart count eventtype="cisco_ios-mac_flapping" | timechart count ... View more

Confirming Cisco Networks Apps are working properl...

by in All Apps and Add-ons
‎12-31-2014 04:46 AM
‎12-31-2014 04:46 AM
I have Splunk 6.1 and a small Cisco network (10 network devices, 2 x WLC with 50 APs) and have installed both the Cisco networks Add on and Cisco Networks App; and am not quite clear if it is all working properly despite reviewing and trying to follow the App Help. The Cisco Networks app is sparsely populated with data with > 50% unpopulated. Not sure if this is because this is only the data is available or what. Here is a summary of the relevant splunk config shows: - both apps installed (and reboot performed) - Data Inputs (syslog data ) are configured as UDP Port 514 (the App instructions say choose another port but this was done previously to app install) - with sourcetype 'syslog' - no option appears for cisco:ios - Sourcetype Cisco:SmartCallHome is set for TCP input on port 8989 - Switches have had their configurations set as shown in help (for 3750x all the commands are supported; not all features are supported for some others). Results: - from the base search interface, the range of fields (src_interface,mnemonic, message text....) and the sourcetype = cisco:ios suggest logs are being properly indexed with cisco relevant interpretations - in the Cisco networks APP, most of the panels are not populated as if data is not available. No inventory info (although ATHome is believed to be configured and working), site names etc. NOt clear how these names are set. - in The switching drop down, there is some data - Wireless - empty panels. Not clear if every AP needs to send logging info or just WLCs (we have just configured the latter) Questions: a) How is the Cisco Add On - 'called up / specified' for the data inputs as above? Seems to be working; but perhaps I don't understand how the indexing rules and fields are determined as being applicable (though it seems to be working) b) How does one debug a data input - to see what data is being received to enable troubleshooting c) Wireless - any ideas of what makes this panel produce a useful overview? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All