topic Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console? in Alerting

Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

gcusello — Mon, 24 Oct 2016 10:52:33 GMT

Hi at all,
I found the script to send Splunk alerts to an external console (e.g.: IBM Netcool) using SNMP, but does anyone know if there already is a SNMP Splunk MIB to do this?
Usually MIB is defined by the hardware or software supplier!
Thank you.
Bye.
Giuseppe

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

TStrauch — Mon, 24 Oct 2016 11:12:43 GMT

Hi Giuseppe,

i found this in the Splunk Wiki. Hope this helps.

http://wiki.splunk.com/Community:Splunk_Alert_MIB

kind regards

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

gcusello — Tue, 25 Oct 2016 07:26:11 GMT

Thank you.
Bye.
Giuseppe

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

soumyasaha25 — Mon, 18 Sep 2017 09:45:22 GMT

The way i did it in one of my integrations was to send SNMP traps to an external console (eg Netcool) via a python script.
So whenever an alert was triggered in Splunk alert action would execute the python script to send the snmp traps. Can you also share how you achieved the integration.

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

gcusello — Mon, 18 Sep 2017 10:16:25 GMT

Hi soumyasaha25,
We realizad a connector that modify Splunk behaviour, because Splunk alert gives 8 parameters:

"Number of events returned by the saved search" "Search terms"
"Fully qualified search query string"
"Name of the saved search"
"Reason for saved search to trigger alert"
"URL to saved search"
"Tags belonging to the saved search, optional"
"Path on the Splunk Server to a file containing search results"

but I really need messages contained in the 8th parameter.

So we created a script that runs when alert is triggered and it perform the following actions:

it take the 8th parameter from the alert,
it untar file containing alert message from the above path,
it copy message in the alert's 8th parameter of the Splunk MIB,
it send message using Splunk MIB.

In this way the receive can receive the alert message in the Splunk MIB.

Bye.
Giuseppe

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

rashi83 — Tue, 18 Aug 2020 22:03:08 GMT

@gcusello : One question - thanks for explaining the integration method. One question , where did you put the MIB on - Splunk machine or the external device where Splunk alerts will be trapped ?

Re: Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

gcusello — Wed, 19 Aug 2020 06:56:40 GMT

Hi @rashi83,

the scrips must be on the Search Heads, wher you run the alerts because it's and action of the alert:

the external device send its logs to Splunk,
Splunk monitor logs running the alert with the defined frequency,
Splunk fires the alert where it finds the conditions and run the script that prepare the message and send it to NetCool ot the other destination.

Ciao.

Giuseppe