Is there already a SNMP MIB for Splunk that sends Splunk alerts to an external console?

gcusello
SplunkTrust

Hi at all,
I found the script to send Splunk alerts to an external console (e.g. IBM Netcool) using SNMP, but does anyone know if there already is an SNMP Splunk MIB to do this?
Usually the MIB is defined by the hardware or software supplier!
Thank you.
Bye.
Giuseppe

0 Karma
1 Solution

TStrauch
Communicator

Hi Giuseppe,

I found this in the Splunk Wiki. Hope this helps.

http://wiki.splunk.com/Community:Splunk_Alert_MIB

Kind regards


soumyasaha25
Contributor

The way I did it in one of my integrations was to send SNMP traps to an external console (e.g. Netcool) via a Python script.
So whenever an alert was triggered in Splunk, the alert action would execute the Python script to send the SNMP traps. Can you also share how you achieved the integration?

0 Karma

gcusello
SplunkTrust

Hi soumyasaha25,
We realized a connector that modifies Splunk behaviour, because a Splunk alert gives 8 parameters:

  • "Number of events returned by the saved search"
  • "Search terms"
  • "Fully qualified search query string"
  • "Name of the saved search"
  • "Reason for saved search to trigger alert"
  • "URL to saved search"
  • "Tags belonging to the saved search, optional"
  • "Path on the Splunk Server to a file containing search results"

but I really need the messages contained in the 8th parameter.

So we created a script that runs when the alert is triggered and performs the following actions:

  • it takes the 8th parameter from the alert,
  • it untars the file containing the alert message from the above path,
  • it copies the message into the alert's 8th parameter of the Splunk MIB,
  • it sends the message using the Splunk MIB.

In this way the receiver can receive the alert message in the Splunk MIB.

Bye.
Giuseppe

0 Karma
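The alert-action script Giuseppe describes, as an added example that is not code from this thread or from Splunk: it names the 8 positional arguments, reads the event text from the results file (assumed here to be a gzip-compressed CSV with a `_raw` column), puts that text into the 8th varbind in place of the file path, and hands the trap to Net-SNMP's `snmptrap`. The OIDs are placeholders to be replaced with the objects from the Splunk Alert MIB linked above, and the destination host and community string are assumed to come from environment variables.

```python
import csv, gzip, os, subprocess, sys, tempfile

# Argument order of a legacy Splunk alert script, as listed in the thread.
ARG_NAMES = ["event_count", "search_terms", "search_query", "search_name",
             "trigger_reason", "search_url", "tags", "results_path"]
# Placeholder OIDs: substitute the real objects from the Splunk Alert MIB.
TRAP_OID = "1.3.6.1.4.1.PLACEHOLDER.0"
VARBIND_OIDS = {n: f"1.3.6.1.4.1.PLACEHOLDER.{i + 1}" for i, n in enumerate(ARG_NAMES)}

def parse_alert_args(argv):
    """Map the 8 positional alert arguments to names (argv[0] is the script)."""
    if len(argv) < 9:
        raise ValueError(f"expected 8 alert arguments, got {len(argv) - 1}")
    return dict(zip(ARG_NAMES, argv[1:9]))

def read_results(path, max_rows=10):
    """Return the _raw text of up to max_rows events from the gzipped results CSV."""
    with gzip.open(path, "rt", newline="") as fh:
        return [row.get("_raw", "") for row in csv.DictReader(fh)][:max_rows]

def build_varbinds(args, messages, max_len=255):
    """One string varbind per parameter; the 8th carries event text, not the file path."""
    varbinds = []
    for name in ARG_NAMES:
        value = " | ".join(messages)[:max_len] if name == "results_path" else args[name]
        varbinds.append((VARBIND_OIDS[name], "s", value))
    return varbinds

def snmptrap_command(host, community, varbinds):
    """Net-SNMP argv for an SNMPv2c trap; the empty uptime field means 'now'."""
    cmd = ["snmptrap", "-v", "2c", "-c", community, host, "", TRAP_OID]
    return cmd + [field for vb in varbinds for field in vb]

def make_sample_results():
    """Write a constructed results.csv.gz for offline testing and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    with gzip.open(path, "wt", newline="") as fh:
        w = csv.DictWriter(fh, fieldnames=["_time", "host", "_raw"])
        w.writeheader()
        w.writerow({"_time": "1700000000", "host": "fw1", "_raw": "deny tcp 10.0.0.5 -> 10.0.0.9:22"})
        w.writerow({"_time": "1700000001", "host": "fw1", "_raw": "deny tcp 10.0.0.5 -> 10.0.0.9:23"})
    return path

if __name__ == "__main__":  # Splunk invokes this as the alert action
    a = parse_alert_args(sys.argv)
    cmd = snmptrap_command(os.environ.get("TRAP_HOST", "netcool.example"),
                           os.environ.get("SNMP_COMMUNITY", "public"),
                           build_varbinds(a, read_results(a["results_path"])))
    subprocess.run(cmd, check=True)
```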

rashi83
Path Finder

@gcusello: thanks for explaining the integration method. One question: where did you put the MIB, on the Splunk machine or on the external device where the Splunk alerts will be trapped?

0 Karma

gcusello
SplunkTrust

Hi @rashi83,

the scripts must be on the Search Heads, where you run the alerts, because it's an action of the alert:

  • the external device sends its logs to Splunk,
  • Splunk monitors the logs by running the alert with the defined frequency,
  • Splunk fires the alert when it finds the conditions and runs the script that prepares the message and sends it to NetCool or the other destination.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust

Thank you.
Bye.
Giuseppe

0 Karma