Hi there,
good the input is finally working.
First off there are no splunk board panels wich will give you some dashboards about your data. In some cases you might fine something product-specific at https://splunkbase.splunk.com/ to download it as an app but im pretty sure there is nothing for your Hirschmann. But since you have splunk it's easy to build yourself just with splunk spl.
But first things first...maybe you've already noticed but if you take a look at your screenshot in the first event are actually 3 evenets merged together. That's something you dont want!
Since you gave your events a custom sourcetype "hirsch" you will need to put some efforts in to let splunk understand the data correctly.
Maybe you should read:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Whysourcetypesmatter
and
http://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Createsourcetypes
A quicker way might be to change the sourcetype of your input to "syslog" since it's syslog what your switchs sends you. Some things might work out of the box.
A correct "event breaking/line breaking" is what you need to achieve.
From that point on you can start to gather information, extract fields and build some nice dashboards 🙂 Since there are many things on the way - way to mutch to cover all here - i suggest you start with some splunk tutorials like http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchTutorial/WelcometotheSearchTutorial.
Greetings
... View more
