Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: SNMP Modular Input: I created an input stanza ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I created a input stanza using app "SNMP Modular Input" to catch traps (Data Inputs->SNMP->New).
My device is already sending traps to my server (I can see it on wireshark), but the data is not being indexed in Splunk.
Any suggestion? I need to do some extra setup?
Followed this blog that I used as a reference:
http://blogs.splunk.com/2013/06/27/making-snmp-simpler/
Best Regards,
Lopes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Damien Dallimore,
My problem was that I had a SNMP service running on the Splunk server and it was already bound to the 162 port.
Now my inputs are working.
Thank you!
Best regard,
Lopes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi monteirolopes, hey we got a request from a client to configure an Cisco Prime SNMP Trap Monitoring in splunk. To start with I need to create an Inputstanza which has the index=network sourcetype=cisco:network:primesnmp.
Could please guide me how to setup a monitoring for capturing the SNMP trap in splunk.
thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Damien Dallimore,
My problem was that I had a SNMP service running on the Splunk server and it was already bound to the 162 port.
Now my inputs are working.
Thank you!
Best regard,
Lopes.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try setting your trap_host to the fully qualified domain name that the trap is being sent to , or IP address etc...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I set the field trap_host with the hostname+domain and / or IP address and still didn't work .
Another suggestion?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Post your inputs.conf stanza
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Follow my inputs.conf
[snmp://trap]
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
index = networkdevices
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = cisco:trap
split_bulk_output = 0
trap_host = deviceip
trap_port = 162
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
