High temperature alarm in Cisco IOS devices

You might need to identify Cisco devices reporting high temperatures when doing the following:

• Managing Cisco devices

Prerequisites 

In order to execute this procedure in your environment, the following data, services, or apps are required:

• Cisco Networks Add-on for Splunk Enterprise
• Syslog data collection tier. The Cisco IOS system message logging process uses the syslog protocol to send important messages to remote logging services, such as Splunk. The required add-on expects the data stream to be assigned the syslog sourcetype by the input configuration and will rename it to cisco:ios in the transformation configuration. For details on how the transformation is implemented, see the props.conf and transforms.conf in the add-on and the Splunk documentation. For more information on syslog and Splunk, see the (SYSLOG) Syslog Data Collection section of the Splunk Validated Architectures white paper.

Example

Overheating of any electronic device can lead to performance problems and device failures. Cisco IOS devices emit a message when various temperature sensors exceed preconfigured thresholds. You want to identify and investigate any device currently reporting high temperature alarms.

NOTE: To optimize the search shown below, you should specify an index and a time range. 

1. Run the following search: 

sourcetype=cisco:ios alarm=Temperature 
| stats stats sparkline(count,15m) AS Trend count BY dvc mnemonic alarm operating_value severity 
| sort - count 

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Result

The following sample result from the search shows the temperature alarms, the device involved, severity, and values, as well as the count for each result. The sparkline is not shown below but would be rendered by Splunk.