You might need to identify Cisco devices reporting high temperatures when doing the following:
Prerequisites
In order to execute this procedure in your environment, the following data, services, or apps are required:
- Cisco Networks Add-on for Splunk Enterprise
- Syslog data collection tier. The Cisco IOS system message logging process uses the syslog protocol to send important messages to remote logging services, such as Splunk. The required add-on expects the data stream to be assigned the syslog sourcetype by the input configuration and will rename it to cisco:ios in the transformation configuration. For details on how the transformation is implemented, see the props.conf and transforms.conf in the add-on and the Splunk documentation. For more information on syslog and Splunk, see the (SYSLOG) Syslog Data Collection section of the Splunk Validated Architectures white paper.
Example
Overheating of any electronic device can lead to performance problems and device failures. Cisco IOS devices emit a message when various temperature sensors exceed preconfigured thresholds. You want to identify and investigate any device currently reporting high temperature alarms.
NOTE: To optimize the search shown below, you should specify an index and a time range.
- Run the following search:
sourcetype=cisco:ios alarm=Temperature
| stats sparkline(count,15m) AS Trend count BY dvc mnemonic alarm operating_value severity
| sort - count
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
| Splunk Search | Explanation |
| --- | --- |
| sourcetype=cisco:ios | Search only Cisco IOS data. |
| alarm=Temperature | Filter for temperature alarm messages. |
| \| stats sparkline(count,15m) AS Trend count BY dvc mnemonic alarm operating_value severity | Count the number of alarms by device and display further details. Use a sparkline to show the trend of count over 15 minutes. |
| \| sort - count | Sort the results with the highest count first. |
Result
The following sample result from the search shows the temperature alarms, the device involved, severity, and values, as well as the count for each result. The sparkline is not shown below but would be rendered by Splunk.
| dvc | mnemonic | alarm | operating_value | severity | count |
| --- | --- | --- | --- | --- | --- |
| osl-e-310-swi-3 | THRESHOLD_VIOLATION | Temperature | -101.6 | low | 62 |
| sto-c-001-rtr-1 | THRESHOLD_VIOLATION | Temperature | -101.6 | low | 45 |
| cph-c-001-rtr-1 | THRESHOLD_VIOLATION | Temperature | -101.6 | low | 43 |
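The following Python example is added here for illustration and is not part of the original page or the add-on. It reproduces the search's filter, grouping, 15-minute trend buckets, and sort on constructed syslog lines, so the logic can be checked offline. The raw message layout, the `SFF8472` facility name, and the function name `temperature_alarms` are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (not from the page). The layout is an assumption
# modelled on Cisco IOS "%FACILITY-LEVEL-MNEMONIC: text" syslog messages.
SAMPLE = """\
2024-05-01T10:01:00 osl-e-310-swi-3 %SFF8472-5-THRESHOLD_VIOLATION: Gi1/0/1: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
2024-05-01T10:03:00 sto-c-001-rtr-1 %SFF8472-5-THRESHOLD_VIOLATION: Gi0/0/2: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
2024-05-01T10:04:00 sto-c-001-rtr-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/0/3, changed state to down
2024-05-01T10:07:00 osl-e-310-swi-3 %SFF8472-5-THRESHOLD_VIOLATION: Gi1/0/1: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
2024-05-01T10:09:00 osl-e-310-swi-3 %SFF8472-5-THRESHOLD_VIOLATION: Te1/1/1: Rx power low alarm; Operating value: -40.0 dBm, Threshold value: -15.0 dBm.
2024-05-01T10:20:00 osl-e-310-swi-3 %SFF8472-5-THRESHOLD_VIOLATION: Gi1/0/1: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
2024-05-01T10:31:00 sto-c-001-rtr-1 %SFF8472-5-THRESHOLD_VIOLATION: Gi0/0/2: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
2024-05-01T10:40:00 cph-c-001-rtr-1 %SFF8472-5-THRESHOLD_VIOLATION: Gi0/0/1: Temperature low alarm; Operating value: -101.6 C, Threshold value: -5.0 C.
"""

# Extracts the fields the search groups by (dvc, mnemonic, alarm,
# operating_value, severity). Lines that do not fit are skipped.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<dvc>\S+) %(?P<facility>[A-Z0-9_]+)-(?P<level>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    r"\S+: (?P<alarm>[\w ]+?) (?P<severity>high|low) (?:alarm|warning); "
    r"Operating value: (?P<operating_value>-?\d+(?:\.\d+)?)"
)

def temperature_alarms(text, span_minutes=15):
    """Return rows (dvc, mnemonic, alarm, operating_value, severity, count, trend),
    highest count first; trend is a list of (bucket_start, count) pairs."""
    counts = Counter()
    trend = defaultdict(Counter)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["alarm"] != "Temperature":  # same filter as alarm=Temperature
            continue
        key = (m["dvc"], m["mnemonic"], m["alarm"], m["operating_value"], m["severity"])
        counts[key] += 1                          # stats count BY ...
        ts = datetime.fromisoformat(m["ts"])
        bucket = ts.replace(minute=ts.minute - ts.minute % span_minutes,
                            second=0, microsecond=0)
        trend[key][bucket] += 1                   # sparkline(count,15m)
    # most_common() orders by count descending, like "sort - count"
    return [(*key, n, sorted(trend[key].items())) for key, n in counts.most_common()]

if __name__ == "__main__":
    for row in temperature_alarms(SAMPLE):
        print(row[:6], [n for _, n in row[6]])
```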