Why I'm I not getting any data in Switch Dashboard in Cisco Networks App in Splunk. I see some visual data only in Cisco Networks Overview. Apart from Networks Overview, I cannot see any data anywhere in the app such as Audit, switching, Routing, security, performance, wireless, etc. The method I used to here as below; 1. Wlc, and cisco switch log files are routed to syslog-ng server. and I installed Splunk Universal-forwarder on top of it. 2. Authorized forwarder to connect to splunk server: sudo /opt/splunkforwarder/bin/splunk add forward-server splunkserverip:port -auth admin:changeme 3. added the directory for the monitoring: sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/switches/ Please help me with your response to complete the task of utilizing the all the options of Cisco networks app. ... View more

I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I refresh I could see the Splunk directory again. I tried multiple times, but it is still not getting deleted. Under Splunk_Home I can barely see one directory Splunk_Home/var/ Please help me to delete this completely from my system. I stopped the Splunk server before I deleted with /bin/splunk stop ... View more

What are the Splunk requirements to receive the data from Syslog-ng server? What are the Syslog requirements to get the data from the cisco network devices? What are the Configuration requirements to establish a communication between syslog and cisco devices, and how to configure it? Configuring the separate log files for routers, switches and firewalls. What is the list of the port numbers that listen to Splunk and syslog server? ... View more

I have Cisco logs coming into my syslog-ng server, and I added the log file on a universal forwarder to monitor and send to a Splunk server. How do I check whether or not data is being dumped into the indexer? I also want to add Cisco devices to the Cisco Networks App in Splunk. How do I do this? ... View more

UDP port 514 is not showing state. ... View more

I'm able to get the Cisco switch log files from switch IP address to my machine, but how do I use and configure Syslog-ng to to get the switch log files into /var/logs/cisco_switch.log . I don't see any files coming into /var/logs/cisco_switch.log , but I could see the log files automatically coming into /var/log/syslog . Appreciate any help to configure it. Listening to incoming UDP Syslog connections source s_src { system(); internal(); udp(port(514)); }; Destination files destination switch01{ file(“/var/log/Cisco_switch.log”); }; ######################## # Filters filter f_switch01 { host(“SWITCH_IP_ADDRESS”); }; ######################## # Log paths log { source(s_src); filter(f_switch01); destination(switch01); }; @include "/etc/syslog-ng/conf.d/*.conf" If anything is wrong with the script, please correct me. Should I make any configuration settings in /etc/init.d/syslog-ng ? ... View more

How to configure adding the data of switches and routers into the Cisco Networks App for Splunk Enterprise? ... View more

sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2 I don't want to monitor or forward the Apache log files from the Universal Forwarder to the Splunk server anymore. Is there any solution to stop it or delete it? ... View more

Even After increasing the size in the settings-->general settings-->Pause indexing if free disk space (in MB) falls below-->50000MB. It is still not resolved the issue. Does anyone have solution get rid of this issue. ... View more

I'm new to the Splunk tool. I heard very good feedback about Splunk and I want to implement in our company. I want to monitor our network using Splunk. The documentation provided on the Splunk website was not clear to me for configuring the Cisco router, switches, and firewalls. I would like to know the step by step process to configure my Cisco routers, switches, and firewalls. Appreciate if you can provide me any detailed document with examples to set up the environment. What are the details required to configure my switches, routers and firewalls into Splunk, and how do I authenticate with Splunk? Early response is highly appreciated. ... View more