
SNMP Modular Input deployment

fab73
Path Finder

Hi there, I couldn't find simple info about "where" to deploy the SNMP Modular Input App for monitoring SNMP network hosts with Splunk: do I need to install the App both on the Search Head and also on the Indexer? Actually I have some Indexers and a Search Head querying them. Which components go on the Indexer and the Search Head? ("SNMP Modular Input", "pyCrypto")

Thanks in advance

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

In a distributed architecture I recommend installing the app (all components untarred to etc/apps) on a Forwarder.

0 Karma

wcgage
Path Finder

It looks like 1.1 = iso

I think you may want to look at this:

If we look at the OBJECT ciscoCircuitInterfaceGroup

.1.3.6.1.4.1.9.9.160.3.2.1
ciscoCircuitInterfaceGroup OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The Cisco Circuit Interface MIB objects."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoCircuitInterfaceMIB(160) ciscoCircuitInterfaceMIBConformance(3) ciscoCircuitInterfaceMIBGroups(2) 1 }

You can see how the "1.3.6.1.4.1.9.9.160.3.2.1" is the numeric value.

So, walking the tree back some more....

.1.3.6.1.4.1.9.9.160
ciscoCircuitInterfaceMIB OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The MIB module to configure the circuit description
for an interface.
The circuit description can be used to describe and
identify circuits on interfaces like ATM,
frame-relay etc."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) 160 }

It starts to make more sense as you work in it, but it takes some time.

This is a handy tool:

https://www.marcuscom.com/snmptrans/

Now, reading the data back in.....

I think you will have to build some regex and lookups, unless someone has a better method.

0 Karma
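The lookup approach suggested in the post above, sketched as an added example (not code from the thread or from the SNMP Modular Input app). It parses the two `::=` lines quoted in that post into an OID-prefix table and translates polled numeric OIDs by longest known prefix. The function names, the `oid,name` CSV columns and the sample OIDs in the demo are assumptions.

```python
import re

# (object name, "::=" line) pairs copied from the MIB output quoted in the post above.
MIB_ENTRIES = [
    ("ciscoCircuitInterfaceGroup",
     "::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) "
     "ciscoMgmt(9) ciscoCircuitInterfaceMIB(160) ciscoCircuitInterfaceMIBConformance(3) "
     "ciscoCircuitInterfaceMIBGroups(2) 1 }"),
    ("ciscoCircuitInterfaceMIB",
     "::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) "
     "ciscoMgmt(9) 160 }"),
]
ARC = re.compile(r"([A-Za-z][\w-]*)\((\d+)\)|(\d+)")  # "name(n)" or a bare "n"

def build_lookup(entries):
    """Map every numeric OID prefix seen in the entries to its symbolic name."""
    lookup = {}
    for obj_name, line in entries:
        body = line[line.index("{") + 1:line.rindex("}")]
        numeric = []
        for name, num, bare in ARC.findall(body):
            numeric.append(num or bare)
            if name:
                lookup[".".join(numeric)] = name
        lookup[".".join(numeric)] = obj_name  # the full path names the object itself
    return lookup

def translate(oid, lookup):
    """Replace the longest known prefix of a numeric OID with its name."""
    arcs = oid.strip(".").split(".")
    if not all(a.isdigit() for a in arcs):
        raise ValueError(f"not a numeric OID: {oid!r}")
    for cut in range(len(arcs), 0, -1):
        name = lookup.get(".".join(arcs[:cut]))
        if name:
            return ".".join([name] + arcs[cut:])
    return ".".join(arcs)  # no known prefix: leave it numeric

def lookup_csv(lookup):
    """CSV text for a lookup file; the oid,name column names are assumed."""
    rows = sorted(lookup.items(), key=lambda kv: [int(a) for a in kv[0].split(".")])
    return "oid,name\n" + "".join(f"{oid},{name}\n" for oid, name in rows)

if __name__ == "__main__":
    table = build_lookup(MIB_ENTRIES)
    for sample in (".1.3.6.1.4.1.9.9.160.3.2.1", "1.3.6.1.4.1.9.9.160.1.1.1.1.5", "1.1"):
        print(sample, "->", translate(sample, table))  # constructed sample OIDs
    print(lookup_csv(table), end="")
```

Instance suffixes below the longest known prefix stay numeric, so an unknown subtree is still visible in the translated value instead of being dropped.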

fab73
Path Finder

Thanks Damien, I realized the same, because this App has no GUI! I will install it on an Indexer for a simple test to get SNMP OID data in. Then I will use an Intermediate Forwarder on site. In this case I suppose the App is needed only on the Intermediate Forwarder. Is that true?

0 Karma

Damien_Dallimor
Ultra Champion

Yes, that is correct.

0 Karma

duffeysplunk
Path Finder

Hello,

We have installed the app on a heavy forwarder and configured the input Object Name field with 1.1.

Now, we are receiving data in from the poll, but we can't tell what it all really means.... should it convert to a more readable format?

0 Karma
