icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Cisco Nexus 9k App for Splunk Enterprise
SHA256 checksum (cisco-nexus-9k-app-for-splunk-enterprise_210.tgz) cc22c462b8a8ca3efc90fd76d7751d3b7e16149ee3b94cb48cfd8c104d32bb73 SHA256 checksum (cisco-nexus-9k-app-for-splunk-enterprise_201.tgz) 68f0284832effbee7d9ac3260646ef0304baac2ad0d5b122b6995cf582fd8f6d SHA256 checksum (cisco-nexus-9k-app-for-splunk-enterprise_11.tgz) ad576258d1223dcd3376ef636e9031dfdff21e0565413d692953b57e5ab208db SHA256 checksum (cisco-nexus-9k-app-for-splunk-enterprise_10.tgz) f44c8012c938d102e19d51230e173555cf0942e89b63d5c47ed702f184546270
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Cisco Nexus 9k App for Splunk Enterprise

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
Cisco Nexus 9000 Switches provide the foundation for Application Centric Infrastructure, delivering scalability, performance, and exceptional energy efficiency. Operating in Cisco NX-OS Software mode or in Application Centric Infrastructure (ACI) mode, these switches are ideal for traditional or fully automated data center deployments.

Cisco Nexus 9k App for Splunk Enterprise gathers data from Nexus 9k (standalone mode) enabling you to:

* Gain visibility into your entire Nexus deployment
* Track Inventory in terms of number of spines and leafs along with its line card, fan tray, power modules etc.
* Track Power and Temperature usage
* Authentication and Audit record of configuration changes on Nexus 9k
* Port Performance and statistics of the switch.

For Nexus switches in ACI mode, check out the Cisco ACI App for Splunk Enterprise.

Please ask questions by creating a TAC case on https://globalcontacts.cloudapps.cisco.com/contacts/contactDetails/en_US/c1o1-c2o2-c3o8

Cisco Nexus 9000 Switches provide the foundation for Application Centric Infrastructure, delivering scalability, performance, and exceptional energy efficiency. Operating in Cisco NX-OS Software mode or in Application Centric Infrastructure(ACI) mode, these switches are ideal for traditional or fully automated data center deployments.

For Nexus switches in ACI mode, check out the Cisco ACI App for Splunk Enterprise at https://apps.splunk.com/app/1896/.
Both apps can be deployed to provide centralized visibility across a mixed ACI and NX-OS environment

REQUIREMENTS

  • Splunk version supported 7.1, 7.2, 7.3 and 8.0
  • This main App requires "Cisco Nexus 9k Add-on for Splunk Enterprise" version 2.0.

Recommended System configuration

  • Splunk search head system should have 8 GB of RAM and a quad-core CPU to run this app smoothly.

Topology and Setting up Splunk Environment

  • This app has been distributed in two parts.

1) Add-on app, which runs collector scripts and gathers data from nexus 9k switches and also syslogs on udp port, does indexing on it and provides data to Main app.
2) Main app, which receives indexed data from Add-on app, runs searches on it and builds dashboard using indexed data.

  • This App can be set up in two ways:

1) Standalone Mode: Install main app and Add-on app on a single machine.

 * Here both the app resides on a single machine.
 * Main app uses the data collected by Add-on app and builds dashboard on it

2) Distributed Environment: Install main app and Add-on app on search head and only Add-on app on forwarder system.

  * Here also both the apps resides on search head machine, but no need to enable input scripts on search head.
  * Only Add-on app required to be installed on forwarder system.
  * Execute the following command to forward the collected data to the search head.
   $SPLUNK_HOME/bin/splunk add forward-server <search_head_ip_address>:9997
  * On Search head machine, enable event listening on port 9997 (recommended by Splunk).
  * Main app on search head uses the received data and builds dashboards on it.

Installation of App

  • This app can be installed either through UI through "Manage Apps" or by extracting zip file into /opt/splunk/etc/apps folder.
  • The app data defaults to 'main' index.
  • If you have created custom index for your Nexus 9k data follow below steps:
    1) If local folder does not exists, then create local folder inside $SPLUNK_HOME/etc/apps/cisco-app-Nexus-9k folder.
    2) Copy macros.conf file inside local folder from default folder.
    3) Replace definition = () with definition = index = <your_index> under nexus_index stanza.
  • Restart Splunk

  • Note: If the previous version of App is already installed, remove the cisco-app-Nexus-9k folder from Splunk app folder before installation of newer version or the user can upgrade the app from Splunk UI.

Upgradation of App/Add-on

Please disable all the scripted inputs before upgrading Add-on(TA_cisco-Nexus-9k).
Download the App package
From the UI navigate to Apps->Manage Apps
In the top right corner select "Install app from file"
Select "Choose File" and select the App package

  • Check Upgrade App
  • Select "Upload" and follow the prompts.
    #### OR
  • If newer version is available on splunkbase, then App/Add-on can be updated from UI also.
  • From the UI navigate to Apps->Manage Apps OR click on gear icon
  • Search for Cisco Nexus 9k App/Add-on
  • Click on 'Update to <version>' under Version Column.

Post upgradation steps

After successfully upgrading the Add-on(TA_cisco-Nexus-9k) follow the below steps.
* credentials.csv file will not be used for custom commands, User needs to follow below steps to configure the credentials.
* Go to Manage Apps -> Search for Cisco Nexus 9k App for Splunk Enterprise
* Click on setup under Action section
* Configure IP/Hostname and password
* User can configure multiple from the same setup page it will store the multiple values

Uninstallation of App

This section provides the steps to uninstall App from a standalone Splunk platform installation.

  • (Optional) If you want to remove data from Splunk database, you can use the below Splunk CLI clean command to remove indexed data from an app before deleting the app.
  • $SPLUNK_HOME/bin/splunk clean eventdata -index <index_name>

  • Delete the app and its directory. The app and its directory are typically located in the folder$SPLUNK_HOME/etc/apps/<appname> or run the following command in the CLI:

  • $SPLUNK_HOME/bin/splunk remove app [appname] -auth <splunk username>:<splunk password>

  • You may need to remove user-specific directories created for your app by deleting any files found here: $SPLUNK_HOME/bin/etc/users/*/<appname>

  • Restart the Splunk platform.You can navigate to Settings -> Server controls and click the restart button in splunk web UI or use the following splunk CLI command to restart splunk:

  • $SPLUNK_HOME/bin/splunk restart

Configuration of App

  • When app is installed or there is no local/passwords.conf file found, then user will be redirected to setup page containing ip address, username, password.He/She won't be able to view dashboards until credentials are not provided.
  • If user wants to enter more credentials then he/she can go to Apps->Manage Apps->Set up cisco-app-Nexus-9k.It will open a set up screen which will ask for credentials.
  • Splunk REST API will encrypt the password and store it in app itself(local/passwords.conf) in encrypted form, nxapicollector custom command will fetch these credentials through REST API to connect to the Nexus 9k.
  • The app data defaults to 'https' scheme for all its calls between the Nexus 9k switch and Splunk.
  • If your switch is http configured, perform below steps:
    1) If local folder does not exists, then create local folder inside $SPLUNK_HOME/etc/apps/cisco-app-Nexus-9k folder.
    2) Copy default/cisco_nexus_setup.conf file in your local folder.
    3) Change the value of HTTP_SCHEME to http in your local/cisco_nexus_setup.conf file.
    4) Restart Splunk.

  • Note: Whenever user wants to change the credentials, he/she needs to remove the current entry from directory cisco-app-Nexus-9k/local/passwords.conf first, restart the splunk then provide the credentials through UI. (This time credentials will be asked when app is opened for first time.)

TEST YOUR INSTALL

After TA App is configured to receive data from nexus 9k switches, The main app dashboard can take some time before the data is populated in all panels. A good test to see that you are receiving all of the data is to run this search after several minutes:

index=<your_index> | stats count by sourcetype

In particular, you should see this sourcetype:
* cisco:nexus:json

If you don't see these sourcetype, have a look at the messages output by the scripted input: Collect.py. Here is a sample search that will show them

index=_internal component="ExecProcessor" collect.py "Nexus Error"| table _time host log_level message

Create your own index:

  • The app data defaults to 'main' index.
  • If you need to specify a particular index for your Nexus 9k data, for ex. 'n9000' follow below steps:
    1) If local folder does not exists, then create local folder inside $SPLUNK_HOME/etc/apps/TA_cisco-Nexus-9k folder.
    2) Create an indexes.conf file inside local folder.
    3) Add following stanza inside indexes.conf file (when index name is n9000):
    [n9000]
    coldPath = $SPLUNK_DB/n9000/colddb
    homePath = $SPLUNK_DB/n9000/db
    thawedPath = $SPLUNK_DB/n9000/thaweddb
    4) Restart Splunk.
  • Once you specify your index, edit the inputs.conf file and add a line index = <your_index> under each script stanza.

The list of Python library used

  1. Xmltodict Client Library
    Link: https://pypi.org/project/xmltodict/
    Author: Martin Blech
    Home Page: https://github.com/martinblech/xmltodict
    License :: OSI Approved :: MIT License
    Operating System :: OS Independent
    Programming Language :: Python
    Programming Language :: Python :: 2.5
    Programming Language :: Python :: 2.6
    Programming Language :: Python :: 2.7
    Programming Language :: Python :: 3

  2. d3.js
    Link: https://d3js.org
    Home Page: https://github.com/d3/d3
    License :: BSD license
    Operating System :: OS Independent

ABOUT THE DATA

Field names are case sensitive in the nexus 9k. Every event starts with the timestamp, and always contains device from which that particular event came.For simplification we can add one additional field in each event named "component" and provide appropriate value to it so that we can easily segregate the data on the basis of its component name.

Below are two sample event records. First one gives system resource details in Json format and the other one gives accounting logs in key=value form as a raw data.

1)

{"device": "x.x.x.x", "timestamp": "2014-06-23 01:20:19", "Row_info": {"cpuid": "0", "kernel": "0.99", "idle": "99.00", "user": "0.00"}, "component": "nxresource"}
{"device": "x.x.x.x", "timestamp": "2014-06-23 01:20:19", "Row_info": {"cpuid": "1", "kernel": "0.00", "idle": "100.00", "user": "0.00"}, "component": "nxresource"}
{"device": "x.x.x.x", "timestamp": "2014-06-23 01:20:19", "Row_info": {"cpuid": "2", "kernel": "0.00", "idle": "100.00", "user": "0.00"}, "component": "nxresource"}
{"device": "x.x.x.x", "timestamp": "2014-06-23 01:20:19", "Row_info": {"cpuid": "3", "kernel": "0.00", "idle": "100.00", "user": "0.00"}, "component": "nxresource"}

2)

{"device": "x.x.x.x", "Row_info": {"hw": "0.1010", "sw": "6.1(2)I2(2a)", "modwwn": "1", "slottype": "LC1"}, "timestamp": "2015-01-01 09:05:08", "component": "nxinventory"}

NX-API Collector(Custom Search Command Reports)

This app provides a generic NX-API collector which empowers users to make use of NX-API provided by Nexus 9k and periodically track certain data from 9k switch. It simply takes switch CLI and convert it into NX-API call and provide data which can be saved as a dashboard.

Every time the saved dashboard is clicked, splunk makes a call to switch using NX-API and fetch current data for that dashboard. Note that this data will not be saved in splunk database.

Please follow below given steps to generate custom command reports.

1) Go to search option and enter your search in search bar.
You have different option for custom search command:

  • | nxapicollect command="your cli" (Make sure credentials for this devices are already configured through setup page and your command will fetch credentials for switch from Splunk's \storage\passwords endpoint)
  • | nxapicollect command="your cli" device="x.x.x.x"
  • | nxapicollect command="your cli" device="x.x.x.x,y.y.y.y"
  • | nxapicollect command="your cli" device="x.x.x.x" username="username" password="password"

2) Click on Save As and click on Dashboard Panel to store your result in dashboard.

3) Enter Dashboard Title. You have to give "report" keyword in giving dashboard title.

4) You can see your dashboard in Custom reports.(In menu bar)

Saved Searches

This app provide savedsearches which generate lookup files or provides interface details.

  • savedsearches which generates lookup files
  • hostname - generates hostname.csv file
  • moduleSwHwVersion - generates inventory_modinf.csv file
  • powerStatus - generates powerStatus.csv file
  • temperature - generates temperatureLookup.csv file
  • version - generates version.csv file

  • savedsearch which provide interface details

  • Interface_Details - provide details of all the physical interfaces

NX-API COLLECTOR TOOL

This app provides a generic NX-API collector which empowers users to make use of NX-API provided by Nexus 9k and periodically track certain data from 9k switch. It simply takes switch CLI and convert it into NX-API call and provide data which can be saved as a dashboard.

This app provides feature of Splunk custom search command. We have implemented Splunk custom search command called "nxapicollect".

GETTING HELP

This app is supported by Cisco Systems.
Please ask questions by creating a TAC case on https://globalcontacts.cloudapps.cisco.com/contacts/contactDetails/en_US/c1o1-c2o2-c3o8
OR contact us at 1 800 553 2447 or 1 408 526 7209

Release Notes

Version 2.1.0
Feb. 6, 2020

Added support of Splunk 8.x

Version 2.0.1
Nov. 25, 2019

Version v2.0.1
* Added setup page for credentials configuration to store in storage/passwords
* Added few drilldowns to show table events for more insights
* Removed credentials.csv support to suffice cloud cert checks
* Removed default lookup files that are generated by savedsearches

Version 1.1
April 1, 2015

Version 1.0
Dec. 1, 2014

62
Installs
1,045
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.