The Cisco Networks App includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE, IOS XR and NX-OS devices using Splunk® Enterprise.
Please post a question on Splunk Answers and tag it with "Cisco Networks" if there is anything you would like to see in this app.
Sourcetype(s): cisco:ios
Supported Technologies: Cisco IOS, IOS-XE, NX-OS, IOS XR devices, WLC
Supported Splunk versions: 7.X
The Cisco Networks app can be downloaded, installed, and configured to receive Cisco IOS and WLC data by either using the Splunk app setup screen or by manually installing and configuring the app.
This app reads from the sourcetype cisco:ios defined in TA-cisco_ios
1. Install in $SPLUNK_HOME/etc/apps/cisco_ios
2. Restart Splunk
3. See the Help page in the app
##### Fixed issues
Version 2.7.1 of the Cisco Networks app fixes the following issues:
- Fixed some dashboards using base searches not loading
- Overview dashboard not showing due to bug with index filter (this release actually fixes it)
- Changed macro for EVAL lookup compatibility in Splunk 8.1+
##### Fixed issues
Version 2.7.0 of the Cisco Networks app fixes the following issues:
- Fixed some dashboards using base searches not loading
- Overview dashboard not showing due to bug with index filter (this release actually fixes it)
- Changed macro for EVAL lookup compatibility in Splunk 8.1+
##### Fixed issues
Version 2.5.8 of the Cisco Networks app fixes the following issues:
- Overview dashboard not showing due to bug with index filter (this release actually fixes it)
- Some fields have been renamed to align with field names in TA-cisco_ios because FIELDALIAS behaviour has changed in Splunk 7.2
##### Known issues
Version 2.5.8 of the Cisco Networks app has the following known issues:
- Not fully compatible with the latest CIM
##### Third-party software attributions
Version 2.5.8 of the Cisco Networks app incorporates the following third-party software or libraries.
- Icon by Yudha Agung Pribadi (https://www.iconfinder.com/iconsets/networking-icons-1)
##### Fixed issues
Version 2.5.7 of the Cisco Networks app fixes the following issues:
- Overview dashboard not showing due to bug with index filter (this release actually fixes it)
- Some fields have been renamed to align with field names in TA-cisco_ios because FIELDALIAS behaviour has changed in Splunk 7.2
##### Known issues
Version 2.5.7 of the Cisco Networks app has the following known issues:
- Not fully compatible with the latest CIM
##### Fixed issues
Version 2.5.6 of the Cisco Networks app fixes the following issues:
- Overview dashboard not showing due to bug with index filter (this release actually fixes it)
##### Known issues
Version 2.5.6 of the Cisco Networks app has the following known issues:
- Not fully compatible with the latest CIM
##### Fixed issues
Version 2.5.5 of the Cisco Networks app fixes the following issues:
- Overview dashboard not showing due to bug with index filter
##### New features
Cisco Networks includes the following new features:
- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode
##### Removed features
- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.
##### Fixed issues
Version 2.5.4 of the Cisco Networks app fixes the following issues:
- Various small fixes removing deprecated features
##### Known issues
Version 2.5.4 of the Cisco Networks app has the following known issues:
- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf on your Search Head and Indexers
##### New features
Cisco Networks includes the following new features:
- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode
##### Removed features
- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.
##### Fixed issues
Version 2.5.3 of the Cisco Networks app fixes the following issues:
- Various small fixes removing deprecated features
##### New features
Cisco Networks includes the following new features:
- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode
##### Removed features
- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.
##### Fixed issues
Version 2.5.2 of the Cisco Networks app fixes the following issues:
- Various small fixes removing deprecated features
##### New features
Cisco Networks includes the following new features:
- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode
##### Removed features
- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.
##### Fixed issues
Version 2.5.1 of the Cisco Networks app fixes the following issues:
- Various small fixes removing deprecated features
##### New features
Cisco Networks includes the following new features:
- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode
##### Removed features
- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.
##### Fixed issues
Version 2.5.0 of the Cisco Networks app fixes the following issues:
- Various small fixes removing deprecated features
##### New features
Cisco Networks includes the following new features:
- App certification
##### Fixed issues
Version 2.3.4 of the Cisco Networks app fixes the following issues:
- A few facility lookups were broken in cisco_ios_messages.csv
- Diagnostic messages panel in overview page now displays vendor_message_text instead of message_text. This hides the actual raw event, but prevents actual duplicate events from the same host cluttering the dashboard
- Other CSV file fixes
##### Known issues
Version 2.3.4 of the Cisco Networks app has the following known issues:
- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf on your Search Head and Indexers
##### New features
Cisco Networks includes the following new features:
-
##### Fixed issues
Version 2.3.3 of the Cisco Networks app fixes the following issues:
- A few facility lookups were broken in cisco_ios_messages.csv
- Diagnostic messages panel in overview page now displays vendor_message_text instead of message_text. This hides the actual raw event, but prevents actual duplicate events from the same host cluttering the dashboard
- Other CSV file fixes
##### Known issues
Version 2.3.3 of the Cisco Networks app has the following known issues:
- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf on your Search Head and Indexers
##### New features
Cisco Networks includes the following new features:
- Added some more panels to the Security -> ACL dashboard
##### Fixed issues
Version 2.3.2 of the Cisco Networks app fixes the following issues:
- Documentation for certification
##### Known issues
Version 2.3.2 of the Cisco Networks app has the following known issues:
- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf on your Search Head and Indexers
##### New features
Cisco Networks includes the following new features:
- Route flapping table added to the Routing Dashboard
- AP logging now supported
- Security ACL now does a sum of packets instead of counting rows
##### Fixed issues
Version 2.3.0 of the Cisco Networks app fixes the following issues:
- Change management transactions now resort to using _time if event_id is missing.
- Changed result field for authentication events to vendor_action for CIM compliance. Also changed in the TA
- All searches now use eventtypes instead of sourcetype=cisco:ios
##### Known issues
Version 2.3.0 of the Cisco Networks app has the following known issues:
- Unable to return raw events in Splunk Enterprise 6.3 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3 and the Vendor Message Lookup CSV file. Workaround: Rename TA-cisco_ios/default/limits.conf.spec as TA-cisco_ios/default/limits.conf on your Search Head and Indexers
##### New features
Cisco Networks includes the following new features:
- Added WLC/IOS toggle to the overview page. UPDATE YOUR Cisco Networks Add-on too!
##### New features
Cisco Networks includes the following new features:
- Added facility category lookup file based on http://www.cisco.com/c/en/us/td/docs/ios/15_0sy/system/messages/15sysmg/sm15syovr.html
- Added variable name lookup file (not in use yet)
- Better documentation
##### Fixed issues
Version 2.2.0 of the Cisco Networks app fixes the following issues:
- Fixed static search on one single device for Smart Call Home events in the Device view
- Removed unused searches
- Wireless view corrected to get MAC addresses correctly output
- Improvements to get the app Splunk Certified
##### Known issues
Version 2.2.0 of the Cisco Networks app has the following known issues:
- None known
+++ 2.1.1 (2014-12-05)
Bug fixes:
* Time picker for Auditing Time Drift + CDP neighbors fixed (it was explicit)
++ What's New
+++ 2.1.0 (2014-10-30)
Features:
* NAME CHANGED TO Cisco Networks. Also download the latest TA-cisco_ios!
* More filters in the dashboards
* DOT1X now with more graphs
++ What's New
+++ 2.0.0 (2014-09-19)
Features:
* CIM 4.0 Compliance. MANY fields have changed names. You may need to change your custom searches
* Lots of new features. Dashboards have been fixed up, drilldowns enhanced, more Smart Call Home support
MAKE SURE YOU REMOVE EARLIER VERSIONS OF THE CISCO IOS APP BEFORE INSTALLING THIS VERSION!
++ What's New
+++ 1.6.0 (2014-07-21)
Features:
* Device/s dashboard changed. Includes data collected with Smart Call Home.
Bug fixes:
* Routing dashboard no longer auto refreshes
* Drilldown now works better in the Event Analysis!
* CSV file moved out of the TA to the main app
++ What's New
+++ 1.5.0 (2014-05-08)
Features:
* Added more fields to the data model
* Added an Event Analysis Dashboard to Auditing using the new lookups from TA-cisco_ios.
* Auditing -> Best Practice Deviations has been removed
* Map visualizations added to Security -> ACL
++ What's New
+++ 1.3.2 (2014-04-23)
Added a new overview page (overview_postprocess_searches_no_pivot)
as a workaround for users having problems with Data Model powered
searches not displaying (Splunk defect SPL-83310) - THIS IS SLOW!
Bug fixes:
* Removed some unnecessary files.
* Moved Performance panels into a common performance_dashboard
Features:
* Preliminary support for IP SLA events (Performance dashboard)
* Optical transceiver attenuation monitoring (Switching -> Dashboard)
++ What's New
+++ 1.3.1 (2014-04-17)
Bug fixes:
* 802.1x authentications now renamed to 802.1x events, no longer a child of "User"
* Various small changes
+++ 1.3.0 (2014-04-04)
Features:
* Now relies on Splunk 6! Data models are in use
Bug fixes:
* Device dashboard now fixed
+++ 1.2.1 (2014-02-17)
Features: Started work on a new Device dashboard
+++ 1.2.0 (2014-01-09)
Features:
* Moved props, transforms etc to the TA.
YOU NOW NEED THE TA ON YOUR SEARCH HEAD ALONGSIDE THE APP!
+++ 1.1.6 (2013-10-10)
Features:
* Started creating Data Models for Splunk 6.0
Bug fixes:
* Top ACL logs now counts num_packets
+++ 1.1.5 (2013-09-20)
Features:
* IOS XR support
+++ 1.1.3 (2013-08-12)
Bug fixes:
* Fixed bug that also captured events that were in the body of ACS events
* Now captures events from switches with a subfacility
+++ 1.1.2 (2013-07-22)
Features:
* Added wireless - more to come
+++ 1.1.1 (2013-05-27)
Features:
* Add a reliable_time=true/false based on presence of *:
* More CIM compliance
* Fixed ACL logging for log-input
+++ 1.1.0 (2013-05-16)
Features:
* Smart Install view added to Auditing
* Added FHRP to Switching (no extractions yet)
+++ 1.0.9 (2013-04-26)
Features:
* Moved a few things around
* Etherchannel added to performance
+++ 1.0.8 (2013-04-23)
Features:
* Added Switching nav
* Added Security nav
* Added extractions for DOT1X - this will be getting transaction tracking soon
Bug fixes:
* Fixed general extraction to handle integers in facility and mnemonic
+++ 1.0.7 (2013-04-17)
Features:
* Regex support for WLC
* Added stack manager
+++ 1.0.6 (2013-04-12)
Features:
* Now extracts login successes and failures
+++ 1.0.5 (2013-04-05)
Features:
* Added device restart/boot table to Auditing dashboard. Thanks jaoui
+++ 1.0.4 (2013-04-04)
Bug fixes:
* Fixed subfacility extraction
+++ 1.0.3 (2013-03-28)
Bug fixes:
* Minor under the hood improvements
+++ 1.0.2 (2013-03-26)
Features:
* More extractions added, not yet in any views
Bug fixes:
* device_time extraction has been re-worked a bit to avoid pulling in the wrong values
+++ 1.0.1 (2013-03-25)
Bug fixes:
* Better time matching in place for the time drift view. Now matches numerous formats and is fast, but shows all results
The Cisco IOS app can be downloaded, installed, and configured to receive Cisco IOS data by either using the Splunk app setup screen or by manually installing and configuring the app.
This app reads from the sourcetype cisco_ios defined in TA-cisco_ios
1.0.0 (2013-03-21)
Features:
* The app has been split up into two parts, one App for the search head and a
TA for indexers (TA-cisco_ios)
* Added BGP, EIGRP and MPLS LDP extractions
* Added time drift in Auditing
Currently requires the device time to be in this format Mar 21 19:29:47.320 CET or Mar 21 19:29:47.320
The search is quite slow
* Added tags
* Added time picker for each view
* Host search added for config change transactions
0.1.7 (2013-03-05)
Features:
* OSPF adjacency change regex added: adjchg
* OSPF adjacency change panel added to Routing -> Dashboard
* CDP neighbor add/remove eventtypes and extractions for Nexus switches added
* CDP neighborhood panel for Nexus switches added to Datacenter -> Dashboard
* Added all events to index "ios"
Bug fixes:
* Interface matching fixed, didn't capture multi slot/chassis interfaces
* CIM compliance for src_ip, src_vlan and dest_vlan