Activity Feed
- Posted Re: Why am I not getting any data in the Switch Dashboard of the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-22-2016 06:46 AM
- Posted Re: Why am I not getting any data in the Switch Dashboard of the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-21-2016 08:49 AM
- Posted Re: Why am I not getting any data in the Switch Dashboard of the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-20-2016 01:55 PM
- Posted Why am I not getting any data in the Switch Dashboard of the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-20-2016 09:43 AM
- Tagged Why am I not getting any data in the Switch Dashboard of the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-20-2016 09:43 AM
- Posted Re: Why am I unable to delete Splunk from an Ubuntu server? on Getting Data In. 04-20-2016 09:29 AM
- Posted Re: Why am I unable to delete Splunk from an Ubuntu server? on Getting Data In. 04-19-2016 06:36 AM
- Posted Why am I unable to delete Splunk from an Ubuntu server? on Getting Data In. 04-18-2016 06:50 AM
- Tagged Why am I unable to delete Splunk from an Ubuntu server? on Getting Data In. 04-18-2016 06:50 AM
- Posted Questions on Splunk and Syslog-ng Server on Getting Data In. 04-16-2016 08:38 PM
- Tagged Questions on Splunk and Syslog-ng Server on Getting Data In. 04-16-2016 08:38 PM
- Posted How to add Cisco devices to the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-14-2016 08:48 AM
- Tagged How to add Cisco devices to the Cisco Networks App for Splunk Enterprise? on All Apps and Add-ons. 04-14-2016 08:48 AM
- Posted Re: How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log on Getting Data In. 04-13-2016 11:43 AM
- Posted Re: monitor cisco switch environment on Getting Data In. 04-13-2016 08:40 AM
04-22-2016
06:46 AM
When I use the log path as below:
source="/var/log/switches/switch1.log" sourcetype=switch-too_small host=syslog_splunk
but Splunk shows sourcetype=switch-too_small and host=syslog_splunk.
syslog_splunk is the log server host name, and I see the sourcetype is automatically generated; I never mentioned "switch-too_small".
Do you want me to change the source type to be Cisco: ios?
04-21-2016
08:49 AM
I checked my role; I have all the privileges to read, write and execute as an administrator. I'm able to search in the search box, and the data is flowing, but I want to see that data in the networking app.
I reconfigured again today:
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/switches -index Cisco_switches_index -sourcetype Cisco_logs
What else should I configure?
04-20-2016
01:55 PM
Thanks for your response. I'm getting all the logs into my syslog server. I have no problem with logs. My question is that I'm able to see the received log data visually only in the Cisco Networks Overview tab in the Cisco Networks app in Splunk. Apart from the Networks Overview option in the app, I cannot see the data in other options of the app such as Audit, Switching, Routing, Security, Performance, Wireless, etc.
04-20-2016
09:43 AM
Why am I not getting any data in the Switch Dashboard in the Cisco Networks App in Splunk? I see some visual data only in Cisco Networks Overview. Apart from Networks Overview, I cannot see any data anywhere in the app such as Audit, Switching, Routing, Security, Performance, Wireless, etc.
The method I used is as below:
1. WLC and Cisco switch log files are routed to the syslog-ng server, and I installed the Splunk Universal Forwarder on top of it.
2. Authorized the forwarder to connect to the Splunk server:
sudo /opt/splunkforwarder/bin/splunk add forward-server splunkserverip:port -auth admin:changeme
3. Added the directory for monitoring:
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/switches/
Please help me with your response to complete the task of utilizing all the options of the Cisco Networks app.
04-20-2016
09:29 AM
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/dm-0 80083800 2456832 73535884 4% /
04-19-2016
06:36 AM
Yes, I'm a root user. I have all the permissions; it is getting deleted when I delete it, but after a few minutes the directory appears again at the same location.
04-18-2016
06:50 AM
I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I refresh I could see the Splunk directory again. I tried multiple times, but it is still not getting deleted. Under Splunk_Home I can barely see one directory Splunk_Home/var/
Please help me to delete this completely from my system. I stopped the Splunk server before I deleted with /bin/splunk stop
04-16-2016
08:38 PM
What are the Splunk requirements to receive the data from Syslog-ng server?
What are the Syslog requirements to get the data from the Cisco network devices?
What are the configuration requirements to establish communication between syslog and Cisco devices, and how do I configure it?
Configuring the separate log files for routers, switches and firewalls.
What is the list of the port numbers that listen to Splunk and syslog server?
04-14-2016
08:48 AM
I have Cisco logs coming into my syslog-ng server, and I added the log file on a universal forwarder to monitor and send to a Splunk server. How do I check whether or not data is being dumped into the indexer? I also want to add Cisco devices to the Cisco Networks App in Splunk. How do I do this?
04-13-2016
08:40 AM
I'm getting syslog messages from switches into /var/logs/syslog, and on top of it I have also installed the universal forwarder on the syslog-ng server.
I need to know the process to separate the syslogs for each switch and router and send the data to the Cisco Networks app on Splunk.
Please guide me.
04-13-2016
08:29 AM
Is this the correct path where the inputs.conf file is located? (Splunk_Home/etc/system/local/inputs.conf)
04-12-2016
09:32 AM
I'm able to get the Cisco switch log files from the switch IP address to my machine, but how do I use and configure Syslog-ng to get the switch log files into /var/logs/cisco_switch.log? I don't see any files coming into /var/logs/cisco_switch.log, but I could see the log files automatically coming into /var/log/syslog.
Appreciate any help to configure it.
# Listening to incoming UDP Syslog connections
source s_src {
    system();
    internal();
    udp(port(514));
};
# Destination files
destination switch01 { file("/var/log/Cisco_switch.log"); };
########################
# Filters
filter f_switch01 { host("SWITCH_IP_ADDRESS"); };
########################
# Log paths
log { source(s_src); filter(f_switch01); destination(switch01); };
@include "/etc/syslog-ng/conf.d/*.conf"
If anything is wrong with the script, please correct me. Should I make any configuration settings in /etc/init.d/syslog-ng ?
04-11-2016
01:36 PM
I have logs data stored on Syslog-ng ---->universal forwarder----> splunk Server
I couldn't find the feature sourcetype cisco:ios for the Syslog data sent from the switches and routers.
The Networks App looks great, but I need to input the data from the syslog server to the Splunk app; that's the challenge. If you can help me with a bit more information, it would help me a lot.
04-11-2016
09:49 AM
How to configure adding the data of switches and routers into the Cisco Networks App for Splunk Enterprise?
04-11-2016
07:49 AM
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2
I don't want to monitor or forward the Apache log files from the Universal Forwarder to the Splunk server anymore. Is there any solution to stop it or delete it?
04-08-2016
07:44 AM
Even after increasing the size in Settings --> General settings --> Pause indexing if free disk space (in MB) falls below --> 50000MB,
the issue is still not resolved. Does anyone have a solution to get rid of this issue?
04-07-2016
07:16 AM
I'm new to the Splunk tool. I heard very good feedback about Splunk and I want to implement it in our company. I want to monitor our network using Splunk. The documentation provided on the Splunk website was not clear to me for configuring the Cisco routers, switches, and firewalls. I would like to know the step-by-step process to configure my Cisco routers, switches, and firewalls.
Appreciate if you can provide me any detailed document with examples to set up the environment. What are the details required to configure my switches, routers and firewalls into Splunk, and how do I authenticate with Splunk?
Early response is highly appreciated.