I created an input stanza using app "SNMP Modular Input" to catch traps (Data Inputs->SNMP->New).
My device is already sending traps to my server (I can see it in Wireshark), but the data is not being indexed in Splunk.
Any suggestions? Do I need to do some extra setup?
Followed this blog that I used as a reference:
Post your inputs.conf stanza
Here is my inputs.conf:
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
index = networkdevices
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = cisco:trap
split_bulk_output = 0
trap_host = deviceip
trap_port = 162
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
Try setting your trap_host to the fully qualified domain name that the trap is being sent to, or IP address etc...
I set the field trap_host with the hostname+domain and/or IP address and it still didn't work.
My problem was that I had an SNMP service running on the Splunk server and it was already bound to port 162.
Now my inputs are working.
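The port conflict described in the post above can be checked before enabling the input. The following is an added example, not part of the thread and not code from the SNMP Modular Input app: it reads trap_host and trap_port from an inputs.conf stanza and attempts the same UDP bind a trap listener needs. The stanza name, the fallback values and the function names are assumptions.

```python
import configparser
import errno
import socket

# Constructed sample; the stanza name is hypothetical, the keys are from the post.
SAMPLE_INPUTS_CONF = """
[snmp://cisco_traps]
snmp_mode = traps
trap_host = 127.0.0.1
trap_port = 162
"""

def trap_listeners(conf_text):
    """Return (stanza, trap_host, trap_port) for each stanza in traps mode."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    found = []
    for name in cp.sections():
        st = cp[name]
        if st.get("snmp_mode", "").strip().lower() != "traps":
            continue
        # Fallbacks are this example's assumptions, not the app's defaults.
        host = st.get("trap_host", "0.0.0.0").strip()
        found.append((name, host, int(st.get("trap_port", "162"))))
    return found

def udp_bind_status(host, port):
    """Try the same UDP bind a trap listener needs and classify the result."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        try:
            sock.bind((host, port))
        except socket.gaierror:
            return "unresolvable"      # trap_host is not a usable name
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"        # another service owns the port
            if exc.errno in (errno.EACCES, errno.EPERM):
                return "no_permission" # ports below 1024 need privileges
            if exc.errno == errno.EADDRNOTAVAIL:
                return "not_local"     # trap_host is not an address of this host
            raise
    return "free"

if __name__ == "__main__":
    for stanza, host, port in trap_listeners(SAMPLE_INPUTS_CONF):
        print(f"{stanza}: udp/{port} on {host} -> {udp_bind_status(host, port)}")
```

Run it with the SNMP input disabled, otherwise the input's own listener will be the one holding the port.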
Hi monteirolopes, we got a request from a client to configure Cisco Prime SNMP trap monitoring in Splunk. To start with, I need to create an input stanza which has the index=network sourcetype=cisco:network:primesnmp.
Could you please guide me on how to set up monitoring for capturing the SNMP traps in Splunk?
Thanks in advance.