Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Cisco Networks App for Splunk Enterprise
SHA256 checksum (cisco-networks-app-for-splunk-enterprise_255.tgz) 0818e415f3623fc5b1e5b8b11f146d2ac67e2c74e849b378461cdb001d61754b SHA256 checksum (cisco-networks-app-for-splunk-enterprise_254.tgz) b4b08815c8075934d11a69f50b3fea910ef686f13f18c61a1594845a59641111 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_253.tgz) 6f27aef01acca5823e81cbb7a8dc8ea5dff78f8f14bfc71236cfa2822ace566d SHA256 checksum (cisco-networks-app-for-splunk-enterprise_252.tgz) b8448a40cbd21a6ba0b73c4eec8dc06c4457ca06876ac0abd9891c2b9c55309f SHA256 checksum (cisco-networks-app-for-splunk-enterprise_251.tgz) 8153a57bf40330c0563528087472ef346c2d724fe5425c8190699ca3516057ea SHA256 checksum (cisco-networks-app-for-splunk-enterprise_250.tgz) f68d74fa5112ed3c3b65789cd88d3aafa25a97b9f70e8c6bfb5c5f44128c2b8e SHA256 checksum (cisco-networks-app-for-splunk-enterprise_234.tgz) 299dc4198ff3928d8697e5a2564e15c51b471ff85300d51903fe637213f17bba SHA256 checksum (cisco-networks-app-for-splunk-enterprise_233.tgz) a6798446a418d75631b7e5a675347a2a75d640b2992553bc637fe38c68230237 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_232.tgz) d3c91678ed70af2932887a4b80b9f0f398ad303397b4841fbbbe58045013a510 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_230.tgz) ad1032d8e387235f659379072892b113df5217abb2b69c87faeac25de212c87c SHA256 checksum (cisco-networks-app-for-splunk-enterprise_221.zip) 6ad9c810ee66a708bddcd3b1b781527144d4c16112281700f7b128f0f87c3f25 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_220.zip) 924b6113b09c1db0102aba96b48a48457736ace52c121369112cf8e0f87bff10 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_211.tgz) 8be11bd6da778a2754833a19f0aa52997ea9d211b1c0444ee7eae686d3f86b5c SHA256 checksum (cisco-networks-app-for-splunk-enterprise_210.tgz) 4a19b4d4598305c025b9934d286ca5ca1d6ebe6663dc91ead875f7e8f15c62ec SHA256 checksum (cisco-networks-app-for-splunk-enterprise_200.tgz) 53df7e229768905495682e28f5637ca56f0b1ee128c53736dd7e861a8e6b1cc1 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_160.tgz) 634ed329f84bfc203d8ab7c1d46fd129c85ddd67ab4763bfc3199f7105b7b280 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_150.tgz) 649a6c17d1f798461029664f8d2e72c804e00553e5c51fa07fe45cd504eb21aa SHA256 checksum (cisco-networks-app-for-splunk-enterprise_132.tgz) 66ee486b3d7c120bd7af292fe781ee110f15ace8d921c1ee91d18623cc4eefbd SHA256 checksum (cisco-networks-app-for-splunk-enterprise_131.tgz) 307078ab6345dca5e77167d0d0c6249f459d319a5a9c094bf8aff0724c6be896 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_130.tgz) 47a58f6680133d173caa4ebc9962ef4a887824e55f6ce020a8165a211b6e2225 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_121.tgz) 5fbb9cb9e0def3f37b3087d1ae88e1ea08c4663c3f0773bfb2adec47ec9b4108 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_115.tgz) c7425080fda13a3bfd4faf0cc299b576a796bafce46ee9bdb67eb8ae153ecf06 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_113.tgz) 8049f8920fd54d45dcf500e33f5f712eb20d55242c429ab79938df4f7c830e57 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_111.tgz) 2ef0e488947bf6601979ddd231c7de099e655165fd0cd5979ec596205053688d SHA256 checksum (cisco-networks-app-for-splunk-enterprise_108.tgz) 7f5431eecb763a94127af80b171b25d6f7104500b76f3ebbdcabb953e7d96dae SHA256 checksum (cisco-networks-app-for-splunk-enterprise_105.tgz) 9a9f161c99d38eb34e745ce9a7aeca8deca8938177fe8f67d4552d82ad55ca92 SHA256 checksum (cisco-networks-app-for-splunk-enterprise_100.tgz) b442d6d971000fea5c039a74c3ea3cac0200a95a4b23626f0f930ff93e68ad8c SHA256 checksum (cisco-networks-app-for-splunk-enterprise_012.tgz) e0a99bf889374f53b851e49079f232533d31d13260cf212e55d265b209c6871b
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Cisco Networks App for Splunk Enterprise

Splunk AppInspect Passed
Overview
Details
The Cisco Networks App for Splunk Enterprise includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE, IOS XR and NX-OS devices using Splunk® Enterprise.

Install this App on your search head. Install the Cisco Networks Add-on (TA-cisco_ios) on your search head AND indexers/heavy forwarders.

Supported Cisco Devices:
* Cisco Catalyst series switches (2960, 3650, 3750, 4500, 6500, 6800, 7600 etc.)
* Cisco ASR - Aggregation Services Routers (900, 1000, 5000, 9000 etc.)
* Cisco ISR - Integrated Services Routers (800, 1900, 2900, 3900, 4451 etc.)
* Cisco Nexus Data Center switches (1000V, 2000, 3000, 4000, 5000, 6000, 7000, 9000 etc.)
* Cisco Carrier Routing System
* Other Cisco IOS based devices (Metro Ethernet, Industrial Ethernet, Blade Switches, Connected Grid etc.)
* Cisco WLC - WLAN Controller

107060

The Cisco Networks App includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE, IOS XR and NX-OS devices using Splunk® Enterprise.

Please post a question on Splunk Answers and tag it with "Cisco Networks" if there is anything you would like to see in this app.

Application Details

Sourcetype(s): cisco:ios
Supported Technologies: Cisco IOS, IOS-XE, NX-OS, IOS XR devices, WLC
Supported Splunk versions: 6.1+

Installation Instructions

The Cisco Networks app can be downloaded, installed, and configured to receive Cisco IOS and WLC data by either using the Splunk app setup screen or by manually installing and configuring the app.
This app reads from the sourcetype cisco:ios defined in TA-cisco_ios

Setup and configuration

1. Install in $SPLUNK_HOME/etc/apps/cisco_ios

2. Restart Splunk

3. See the Help page in the app

Getting Help

Release Notes

Version 2.5.5
July 4, 2018

##### Fixed issues

Version 2.5.5 of the Cisco Networks app fixes the following issues:

- Overview dashboard not showing due to bug with index filter

Version 2.5.4
April 20, 2018

##### New features

Cisco Networks includes the following new features:

- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode

##### Removed features

- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.

##### Fixed issues

Version 2.5.4 of the Cicso Networks app fixes the following issues:

- Various small fixes removing deprecated features

##### Known issues

Version 2.5.4 of the Cisco Networks app has the following known issues:

- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf your Search Head and Index

Version 2.5.3
April 18, 2018

##### New features

Cisco Networks includes the following new features:

- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode

##### Removed features

- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.

##### Fixed issues

Version 2.5.3 of the Cicso Networks app fixes the following issues:

- Various small fixes removing deprecated features

Version 2.5.2
Jan. 26, 2018

##### New features

Cisco Networks includes the following new features:

- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode

##### Removed features

- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.

##### Fixed issues

Version 2.5.2 of the Cicso Networks app fixes the following issues:

- Various small fixes removing deprecated features

Version 2.5.1
Jan. 25, 2018

##### New features

Cisco Networks includes the following new features:

- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode

##### Removed features

- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.

##### Fixed issues

Version 2.5.1 of the Cicso Networks app fixes the following issues:

- Various small fixes removing deprecated features

Version 2.5.0
Jan. 22, 2018

##### New features

Cisco Networks includes the following new features:

- Multi tenancy support (COMMERCIAL USERS ONLY)
- Real-time dashboard added. You now have the option to switch between real-time and historical mode

##### Removed features

- SMART CALL HOME IS REMOVED ENTIRELY. If you require Inventory information, please get a NMS such as Cisco Prime Infrastructure.

##### Fixed issues

Version 2.5.0 of the Cicso Networks app fixes the following issues:

- Various small fixes removing deprecated features

Version 2.3.4
Oct. 27, 2016

##### New features

Cisco Networks includes the following new features:

- App certification

##### Fixed issues

Version 2.3.4 of the Cicso Networks app fixes the following issues:

- A few facility lookups were broken in cisco_ios_messages.csv
- Diagnostic messages panel in overview page now displays vendor_message_text instead of message_text. This hides the actual raw event, but prevents actual duplicate events from the same host cluttering the dashboard
- Other CSV file fixes

##### Known issues

Version 2.3.4 of the Cisco Networks app has the following known issues:

- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf your Search Head and Indexers

Version 2.3.3
Oct. 26, 2016

##### New features

Cisco Networks includes the following new features:

-

##### Fixed issues

Version 2.3.3 of the Cicso Networks app fixes the following issues:

- A few facility lookups were broken in cisco_ios_messages.csv
- Diagnostic messages panel in overview page now displays vendor_message_text instead of message_text. This hides the actual raw event, but prevents actual duplicate events from the same host cluttering the dashboard
- Other CSV file fixes

##### Known issues

Version 2.3.3 of the Cisco Networks app has the following known issues:

- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf your Search Head and Indexers

Version 2.3.2
Feb. 23, 2016

##### New features

Cisco Networks includes the following new features:

- Added some more panels to the Security -> ACL dashboard

##### Fixed issues

Version 2.3.2 of the Cicso Networks app fixes the following issues:

- Documentation for certification

##### Known issues

Version 2.3.2 of the Cisco Networks app has the following known issues:

- Unable to return raw events in Splunk Enterprise 6.3.0 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3.0 and the Vendor Message Lookup CSV file. Workarounds (choose one):
- Upgrade your servers to Splunk Enterprise 6.3.1 or higher
- Rename TA-cisco_ios/default/limits.conf.example as TA-cisco_ios/default/limits.conf your Search Head and Indexers

Version 2.3.0
Sept. 11, 2015

##### New features

Cisco Networks includes the following new features:

- Route flapping table added to the Routing Dashboard
- AP logging now supported
- Security ACL now does a sum of packets instead of counting rows

##### Fixed issues

Version 2.3.0 of the Cicso Networks app fixes the following issues:

- Change management transactions now resorts to using _time if event_id is missing.
- Changed result field for authentication events to vendor_action for CIM compliance. Also changed in the TA
- All searches now use eventtypes instead of sourcetype=cisco:ios

##### Known issues

Version 2.3.0 of the Cisco Networks app has the following known issues:

- Unable to return raw events in Splunk Enterprise 6.3 using searches such as sourcetype=cisco:ios unless in Fast Mode. This is due to a bug in Splunk Enterprise 6.3 and the Vendor Message Lookup CSV file. Workaround: Rename TA-cisco_ios/default/limits.conf.spec as TA-cisco_ios/default/limits.conf your Search Head and Indexers

Version 2.2.1
April 7, 2015

##### New features

Cisco Networks includes the following new features:

- Added WLC/IOS toggle to the overview page. UPDATE YOUR Cisco Networks Add-on too!

Version 2.2.0
Feb. 5, 2015

##### New features

Cisco Networks includes the following new features:

- Added facility category lookup file based on http://www.cisco.com/c/en/us/td/docs/ios/15_0sy/system/messages/15sysmg/sm15syovr.html
- Added variable name lookup file (not in use yet)
- Better documentation

##### Fixed issues

Version 2.2.0 of the Cicso Networks app fixes the following issues:

- Fixed static search on one single device for Smart Call Home events in the Device view
- Removed unused searches
- Wireless view corrected to get MAC addresses correctly output
- Improvements to get the app Splunk Certified

##### Known issues

Version 2.2.0 of the Cisco Networks app has the following known issues:

- None known

Version 2.1.1
Dec. 5, 2014

+++ 2.1.1 (2014-12-05)
Bug fixes:
* Time picker for Auditing Time Drift + CDP neigbors fixed (it was explicit)

Version 2.1.0
Dec. 3, 2014

++ What's New

+++ 2.1.0 (2014-10-30)
Features:
* NAME CHANGED TO Cisco Networks. Also download the latest TA-cisco_ios!
* More filters in the dashboards
* DOT1X now with more graphs

Version 2.0.0
Sept. 23, 2014

++ What's New

+++ 2.0.0 (2014-09-19)
Features:
* CIM 4.0 Compliance. MANY fields have changed names. You may need to change your custom searches
* Lots of new features. Dashboards have been fixed up, drilldowns enhanced, more Smart Call Home support
MAKE SURE YOU REMOVE EARLIER VERSIONS OF THE CISCO IOS APP BEFORE INSTALLING THIS VERSION!

Version 1.6.0
July 21, 2014

++ What's New

+++ 1.6.0 (2014-07-21)
Features:
* Device/s dashboard changed. Includes data collected with Smart Call Home.

Bug fixes:
* Routing dashboard no longer auto refreshes
* Drilldown now works better in the Event Analysis!
* CSV file moved out of the TA to the main app

Version 1.5.0
May 8, 2014

++ What's New

+++ 1.5.0 (2014-05-08)
Features:
* Added more fields to the data model
* Added an Event Analysis Dashboard to Auditing using the new lookups from TA-cisco_ios.
* Auditing -> Best Practice Deviations has been removed
* Map visualizations added to Security -> ACL

Version 1.3.2
April 24, 2014

++ What's New

+++ 1.3.2 (2014-04-23)
Added a new overview page (overview_postprocess_searches_no_pivot)
as a workaround for users having problems with Data Model powered
searches not displaying (Splunk defect SPL-83310) - THIS IS SLOW!

Bug fixes:
* Removed some unneccessary files.
* Moved Performance panels into a common performance_dashboard
Features:
* Preliminary support for IP SLA events (Performance dashboard)
* Optical transceiver attenuation monitoring (Switching -> Dashboard)

Version 1.3.1
April 17, 2014

++ What's New

+++ 1.3.1 (2014-04-17)
Bug fixes:
* 802.1x euthentications now renamed to 802.1x events, no longer a child of "User"
* Various small changes

Version 1.3.0
April 4, 2014

+++ 1.3.0 (2014-04-04)
Features:
* Now relies on Splunk 6! Data models are in use
Bug fixes:
* Device dashboard now fixed

Version 1.2.1
Feb. 17, 2014

+++ 1.2.1 (2014-02-17)
Features: Started work on a new Device dashboard

+++ 1.2.0 (2014-01-09)
Features:
* Moved props, transforms etc to the TA.
YOU NOW NEED THE TA ON YOUR SEARCH HEAD ALONGSIDE THE APP!

+++ 1.1.6 (2013-10-10)
Features:
* Started creating Data Models for Splunk 6.0

Bug fixes:
* Top ACL logs now counts num_packets

Version 1.1.5
Sept. 20, 2013

+++ 1.1.5 (2013-09-20)
Features:
* IOS XR support

Version 1.1.3
Aug. 14, 2013

+++ 1.1.3 (2013-08-12)
Bug fixes:
* Fixed bug that also captured events that were in the body of ACS events
* Now captures events from switches with a subfacility

+++ 1.1.2 (2013-07-22)
Features:
* Added wireless - more to come

Version 1.1.1
June 21, 2013

+++ 1.1.1 (2013-05-27)
Features:
* Add a reliable_time=true/false based on presence of *:
* More CIM compliance
* Fixed ACL logging for log-input

+++ 1.1.0 (2013-05-16)
Features:
* Smart Install view added to Auditing
* Added FHRP to Switching (no extractions yet)

+++ 1.0.9 (2013-04-26)
Features:
* Moved a few things around
* Etherchannel added to performance

Version 1.0.8
April 25, 2013

+++ 1.0.8 (2013-04-23)
Features:
* Added Switching nav
* Added Security nav
* Added extractions for DOT1X - this will be getting transaction tracking soon
Bug fixes:
* Fixed general extraction to handle integers in facility and mnmenonic

+++ 1.0.7 (2013-04-17)
Features:
* Regex support for WLC
* Added stack manager

+++ 1.0.6 (2013-04-12)
Features:
* Now extracts login successes and failures

Version 1.0.5
April 5, 2013

+++ 1.0.5 (2013-04-05)
Features:
* Added device restart/boot table to Auditing dashboard. Thanks jaoui

+++ 1.0.4 (2013-04-04)
Bug fixes:
* Fixed subfacility extraction

+++ 1.0.3 (2013-03-28)
Bug fixes:
* Minor under the hood improvements

+++ 1.0.2 (2013-03-26)
Features:
* More extractions added, not yet in any views
Bug fixes:
* device_time extraction has been re-worked a bit to avoid pulling in the wrong values

+++ 1.0.1 (2013-03-25)
Bug fixes:
* Better time matching in place for the time drift view. Now matches numerous formats and is fast, but shows all results

Version 1.0.0
March 25, 2013

The Cisco IOS app can be downloaded, installed, and configured to receive Cisco IOS data by either using the Splunk app setup screen or by manually installing and configuring the app.
This app reads from the sourcetype cisco_ios defined in TA-cisco_ios

1.0.0 (2013-03-21)
Features:
* The app has been split up into two parts, one App for the search head and a
TA for indexers (TA-cisco_ios)
* Added BGP, EIGRP and MPLS LDP extractions
* Added time drift in Auditing
Currently requires the device time to be in this format Mar 21 19:29:47.320 CET or Mar 21 19:29:47.320
The search is quite slow
* Added tags
* Added time picker for each view
* Host search added for config change transactions

0.1.7 (2013-03-05)
Features:
* OSPF adjacency change regex added: adjchg
* OSPF adjacency change panel added to Routing -> Dashboard
* CDP neighbor add/remove eventtypes and extractions for Nexus switches added
* CDP neighborhood panel for Nexus switches added to Datacenter -> Dashboard
* Added all events to index "ios"

Bug fixes:
* Interface matching fixed, didn't capture multi slot/chassis interfaces
* CIM compliance for src_ip, src_vlan and dest_vlan

Version 0.1.2
Feb. 3, 2013

3,078
Installs
37,344
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2018 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.