All Apps and Add-ons

SNMP Modular Input deployment

fab73
Path Finder

Hi there, I couldn't find a simple info about "where" deploy SNMP Modular Input App for network monitoring SNMP host with splunk: do I need to install the App both on Search Head and also on Indexer? Actually I have some Indexer and a Search Head quering on these. Wich components on Indexer and Search Head ? ("SNMP Modular Input", "pyCrypto")

Thanks in advance

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

In a distributed architecture I recommend installing the app (all components untarred to etc/apps) on a Forwarder.

View solution in original post

0 Karma

wcgage
Path Finder

It looks like 1.1 = iso

I think you may want to look at this:

If we look at the OBJECT ciscoCircuitInterfaceGroup

.1.3.6.1.4.1.9.9.160.3.2.1
ciscoCircuitInterfaceGroup OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The Cisco Circuit Interface MIB objects."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoCircuitInterfaceMIB(160) ciscoCircuitInterfaceMIBConformance(3) ciscoCircuitInterfaceMIBGroups(2) 1 }

You can see how the "1.3.6.1.4.1.9.9.160.3.2.1" is the numeric value.

So, walking the tree back some more....

.1.3.6.1.4.1.9.9.160
ciscoCircuitInterfaceMIB OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The MIB module to configure the circuit description
for an interface.
The circuit description can be used to describe and
identify circuits on interfaces like ATM,
frame-relay etc."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) 160 }

It starts to make more sense as you work in it, but it takes some time.

This is a handy tool:

https://www.marcuscom.com/snmptrans/

Now, reading the data back in.....

I think you will have to build some regex and lookups, unless someone has a better method.

0 Karma

fab73
Path Finder

Thanks Damien, I realized the same, because this App has no GUI! I will install it on a Indexer for a simple test to get SNMP OID data in for a simple test. Then I will use an Intermediate Forwarder on site. In this case I suppose the App it is needed only on the Imtermediate Forwarder. It is true?

0 Karma

Damien_Dallimor
Ultra Champion

Yes , that is correct.

0 Karma

duffeysplunk
Path Finder

Hello,

We have installed the app on a heavy forwarder. configured the input Object Name field with 1.1

Now, we are receiving data in from the poll, but we can't tell what it all really means.... should it convert to a more readable format?

0 Karma

Damien_Dallimor
Ultra Champion

In a distributed architecture I recommend installing the app (all components untarred to etc/apps) on a Forwarder.

View solution in original post

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!