We are deploying a distributed Splunk instance. I install the TA-cisco_ios in my Indexers. Is there any other place need to be added?
Have 1 Search Head, 2 Indexers and 2 Syslogs collectors. The syslog collector is already configured in the outputs.conf to add the `sourcetype = cisco:ios` for every message coming in a specific path.
Did I need to add the TA also in the syslog collectors as well? The only installation in the search head will be the Cisco IOS app?
↧