I'm having problems getting any SNMP data into Splunk using the SNMP Modular Input. I've set up a Polling Input that is polling a Windows 2008 Server. So far no data has shown up in Splunk.
I've checked for errors using:
index=_internal ExecProcessor error snmp.py
and don't see any results.
[snmp://Archive]
communitystring = public
destination = 192.168.1.101
do_bulk_get = 1
do_get_subtree = 1
host = Archive
ipv6 = 0
snmp_mode = attributes
snmp_version = 2C
sourcetype = snmp_ta
split_bulk_output = 0
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
I'm now receiving traps into Splunk.
I ran into an issue while working on SNMP where I couldn't see the Data Inputs in Splunk 6.4.2.
https://answers.splunk.com/answers/427846/clicking-on-data-inputs-shows-500-internal-server.html
This has been fixed in 6.4.3.
Just now getting back to working on getting SNMP traps into Splunk. I'm not sure what fixed the problem, however the server I'm running Splunk on has three NICs attached to 3 different subnets. The traps in the Data Input were set to localhost. Using wireshark I could see what address the SNMP traps were being addressed to, added that IP to my SNMP trap in the Data Inputs and data began to flow into splunk. Haven't gotten polling working, but that's a different issue.
Pretty sure I tried those different IP addresses in the past, but not 100% sure.
Many thanks to jkat54 & pmeyerson for their help!