- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- SNMP modular input not indexing data for multiple ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SNMP modular input not indexing data for multiple oid's in v3
SNMP v3 (AuthNoPriv) is not indexing data when it contains multiple comma separated OID's in configuration.
[snmp://<ip>]
destination = <ip>
do_bulk_get = 1
host = <ip>
index = netapp
ipv6 = 0
mib_names = NETWORK-APPLIANCE-MIB
object_names = 1.3.6.1.4.1.789.1.5.11.1.9,1.3.6.1.4.1.789.1.5.4.1.1,1.3.6.1.4.1.789.1.5.4.1.10,1.3.6.1.4.1.789.1.5.4.1.14,1.3.6.1.4.1.789.1.5.4.1.15,1.3.6.1.4.1.789.1.5.4.1.16,1.3.6.1.4.1.789.1.5.4.1.17,1.3.6.1.4.1.789.1.5.4.1.18,1.3.6.1.4.1.789.1.5.4.1.19
snmp_mode = attributes
snmp_version = 3
snmpinterval = 60
sourcetype = IP
split_bulk_output = 1
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
v3_securityName = User_name
v3_authKey = PassWord
But if I configure it with only one OID then it is getting data into Splunk.
object_names = 1.3.6.1.4.1.789.1.5.11.1.9
This problem is with SNMP v3 version please help.
Thanks in advance
Harshal
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well , according to your log message :
Exception with bulkCmd to <ip>:161: string index out of range
One of your OIDs is most likely incorrect for performing an SNMP walk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Damien, I have tested SNMP with SNMP v2 and it works for multiple OIDs successfully. When I change it to SNMP v3 it doesn't working with multiple OIDs, but it works with single OID (one OID) at a time.
Following is the error for SNMP v3 multiple OIDs: "No SNMP response received before timeout".
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
Did you solve this problem?
I have similar problem, but with multiple hosts. I have 140 servers, which cpu i must monitor, and use snmp polling for it. But from 140 servers, i get only 110-120. And after every restart of splunk, the number of servers change between 110-120. For example if taking from server A smnp logs, after restart it may not work.
And in splunkd.log getting similar error like yours:
05-20-2020 09:54:41.578 +0600 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" obj.handle_error()
05-20-2020 10:16:31.405 +0600 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" Exception with getCmd to 192.168.1.34:161: poll error: Traceback (most recent call last):
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By the way, for one input I'm writing 3 hosts. And now have 47 data inputs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-20-2014 14:02:58.404 +0200 ERROR ExecProcessor - message from "python "D:\Program files\Splunk\etc\apps\snmp_ta\bin\snmp.py"" snmp_stanza:snmp://<ip> snmp_destination:<ip> snmp_port:161
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have configured all OIDs separately to check whether it indexes data. Then Splunk is collecting data from all OIDs. But when I configure multiple OIDs at one time following message occurred please help.
Disabled "Perform GET BULK" and "Split Bulk Results".
06-20-2014 14:02:58.404 +0200 ERROR ExecProcessor - message from "python "D:\Program files\Splunk\etc\apps\snmp_ta\bin\snmp.py"" Exception with getCmd to <ip>:161: poll error: Traceback (most recent call last):
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And also following error.
6/18/14
1:44:32.817 PM
06-18-2014 13:44:32.817 +0200 ERROR ExecProcessor - message from "python "D:\Program files\Splunk\etc\apps\snmp_ta\bin\snmp.py"" No SNMP response received before timeout snmp_stanza:snmp://<ip> snmp_destination:<ip> snmp_port:161
But if I configure it with one or two OIDs Splunk indexing data and no error message please help. I am using SNMP modular input v1.2.3 and Splunk 6.0
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2014 11:35:43.593 +0200 ERROR ExecProcessor - message from "python "D:\Program files\Splunk\etc\apps\snmp_ta\bin\snmp.py"" Exception with bulkCmd to
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any error messages ?
Search -> index=_internal ExecProcessor error snmp.py
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
