R12.1 JA-2025July15

Configure the Data View Template

Set up default Source and source type options:

  1. Navigate to Data View Template Manager.
    • Start Menu  > Data View Template Manager
  2. Search for Splunk > Select [Splunk] Device Syslog Search.

  3. Click Input Dialog: 3.

  4. Select source > Replace NetworkBrain Lab to the actual source name of Splunk network Syslog in Option Values. Keep the pipe ("|") as a delimiter.

  5. Select source > Replace "Network Syslog" to the actual source type name of Splunk network Syslog in Option Values. Keep the pipe ("|") as a delimiter.
  6. Click Save.
    Information

    Note:

    1. This network syslog search function is built based on the device level, which requires the device hostname to be included in the syslog message. If syslog message doesn’t have a hostname included yet, the search job will not find any logs.
    2. The steps above are the configuration of the network device syslog basic searching scope. If other fields are used besides “source” and “sourcetype”, please contact NetBrain Support at [email protected] to request custom source setting changes.

Visualize the Splunk Log Search Result with DVT Configure the SPOG Link