All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SNMP Modular Input: I created an input stanza to capture traps, but why is the data not getting indexed in Splunk?

monteirolopes
Communicator
‎05-24-2016 09:46 AM

Hi,

I created a input stanza using app "SNMP Modular Input" to catch traps (Data Inputs->SNMP->New).

My device is already sending traps to my server (I can see it on wireshark), but the data is not being indexed in Splunk.

Any suggestion? I need to do some extra setup?

Followed this blog that I used as a reference:
http://blogs.splunk.com/2013/06/27/making-snmp-simpler/

Best Regards,
Lopes.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

monteirolopes
Communicator
‎05-31-2016 06:51 AM

Damien Dallimore,

My problem was that I had a SNMP service running on the Splunk server and it was already bound to the 162 port.
Now my inputs are working.

Thank you!

Best regard,
Lopes.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Hemnaath
Motivator
‎12-06-2017 09:26 AM

Hi monteirolopes, hey we got a request from a client to configure an Cisco Prime SNMP Trap Monitoring in splunk. To start with I need to create an Inputstanza which has the index=network sourcetype=cisco:network:primesnmp.

Could please guide me how to setup a monitoring for capturing the SNMP trap in splunk.

thanks in advance.

0 Karma
Reply
Solved! Jump to solution
Solution

monteirolopes
Communicator
‎05-31-2016 06:51 AM

Damien Dallimore,

My problem was that I had a SNMP service running on the Splunk server and it was already bound to the 162 port.
Now my inputs are working.

Thank you!

Best regard,
Lopes.

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎05-30-2016 03:51 AM

Try setting your trap_host to the fully qualified domain name that the trap is being sent to , or IP address etc...

0 Karma
Reply
Solved! Jump to solution

monteirolopes
Communicator
‎05-30-2016 06:14 AM

I set the field trap_host with the hostname+domain and / or IP address and still didn't work .
Another suggestion?

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎05-24-2016 05:04 PM

Post your inputs.conf stanza

Reply
Solved! Jump to solution

monteirolopes
Communicator
‎05-25-2016 05:29 AM

Follow my inputs.conf

[snmp://trap]
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
index = networkdevices
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = cisco:trap
split_bulk_output = 0
trap_host = deviceip
trap_port = 162
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top