Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: SNMP Modular Input deployment
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there, I couldn't find a simple info about "where" deploy SNMP Modular Input App for network monitoring SNMP host with splunk: do I need to install the App both on Search Head and also on Indexer? Actually I have some Indexer and a Search Head quering on these. Wich components on Indexer and Search Head ? ("SNMP Modular Input", "pyCrypto")
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In a distributed architecture I recommend installing the app (all components untarred to etc/apps) on a Forwarder.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like 1.1 = iso
I think you may want to look at this:
If we look at the OBJECT ciscoCircuitInterfaceGroup
.1.3.6.1.4.1.9.9.160.3.2.1
ciscoCircuitInterfaceGroup OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The Cisco Circuit Interface MIB objects."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) ciscoCircuitInterfaceMIB(160) ciscoCircuitInterfaceMIBConformance(3) ciscoCircuitInterfaceMIBGroups(2) 1 }
You can see how the "1.3.6.1.4.1.9.9.160.3.2.1" is the numeric value.
So, walking the tree back some more....
.1.3.6.1.4.1.9.9.160
ciscoCircuitInterfaceMIB OBJECT-TYPE
-- FROM CISCO-CIRCUIT-INTERFACE-MIB
DESCRIPTION "The MIB module to configure the circuit description
for an interface.
The circuit description can be used to describe and
identify circuits on interfaces like ATM,
frame-relay etc."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) cisco(9) ciscoMgmt(9) 160 }
It starts to make more sense as you work in it, but it takes some time.
This is a handy tool:
https://www.marcuscom.com/snmptrans/
Now, reading the data back in.....
I think you will have to build some regex and lookups, unless someone has a better method.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Damien, I realized the same, because this App has no GUI! I will install it on a Indexer for a simple test to get SNMP OID data in for a simple test. Then I will use an Intermediate Forwarder on site. In this case I suppose the App it is needed only on the Imtermediate Forwarder. It is true?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes , that is correct.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We have installed the app on a heavy forwarder. configured the input Object Name field with 1.1
Now, we are receiving data in from the poll, but we can't tell what it all really means.... should it convert to a more readable format?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In a distributed architecture I recommend installing the app (all components untarred to etc/apps) on a Forwarder.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
