Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA

Use the Troubleshooting dashboard

As of version 5.2.0, the Splunk Add-on for Cisco ASA provides a Troubleshooting dashboard that lets you quickly spot possible issues and monitor event ingestion. This dashboard lets you view the message analytics data for the Splunk Add-on for Cisco ASA.

  1. Navigate to the Dashboards tab.
  2. Find the "Cisco ASA TA Troubleshooting Dashboard."
  3. Select the time range from the timepicker with the label "Time for logs" in the top left corner.
  4. View different analytics and panels related to Splunk Add-on for Cisco ASA logs.

Supported panels:

  • Add-on version: Identifies the Add-on version.
  • Number of events: Displays the total number of events ingested.
  • Event count time chart: Displays the number of events ingested between time intervals.
  • Distributions of events by index: Displays the distribution of events that are ingested among various indexes.
  • Total number of events: Displays the exact count of events that are ingested in various indexes.
  • Events ingested by sources: Displays event distribution from various sources over a specific time range.
  • Top message IDs:Displays the distribution of message_id fields of the events ingested under the filtered time range and in the specific index.
  • CIM-supported events: Displays a count of events that are mapped with relevant data models. This requires installation of Splunk CIM https://splunkbase.splunk.com/app/1621

These panels provide comprehensive visibility into data ingestion of the Cisco ASA TA Troubleshooting Dashboard, empowering users to monitor their Splunk environment effectively.

Monitor the Cisco ASA Event Count Time-based chart

This panel provides a time-series graph of the Cisco ASA events ingested in Splunk. It enables users to determine when Cisco ASA events are ingested in their Splunk environment. After figuring out the time range, the user can identify the event count ingestion and monitor the event flow. The time-series graph will be populated based on the _time of the event.

Configure indexes for the Cisco ASA dashboard

To determine from which index dashboard information saved search should collect information, the add-on uses the Cisco_ASA_Index macro. Since it cannot be determined in advance what index will be used, the macro is set to "default","netfw". In cases where Cisco ASA syslog data is collected in different indexes, update the macro by specifying the index used to collect syslog data. Use the following steps to configure the search index:

  1. Go to Menu > Settings > Advanced Search.
  2. Click Search macros.
  3. Search Cisco_ASA_Index and click Cisco_ASA_Index in the Name column.
  4. In the Definition field, replace ("default","netfw") with the required list of indexes.
  5. Click Save.
Last modified on 29 May, 2024
Troubleshoot the Splunk Add-on for Cisco ASA   Source and event types for the Splunk Add-on for Cisco ASA

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters