Solved: Trying to get SNMP data into Splunk... - Page 2

cpt12tech · ‎03-16-2016

I'm having problems getting any SNMP data into Splunk using the SNMP Modular Input. I've set up a Polling Input that is polling a Windows 2008 Server. So far no data has shown up in Splunk.

I've checked for errors using:
index=_internal ExecProcessor error snmp.py
and don't see any results.

[snmp://Archive]
communitystring = public
destination = 192.168.1.101
do_bulk_get = 1
do_get_subtree = 1
host = Archive
ipv6 = 0
snmp_mode = attributes
snmp_version = 2C
sourcetype = snmp_ta
split_bulk_output = 0
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

cpt12tech · ‎03-22-2017

I'm now receiving traps into Splunk.

I ran into an issue while working on SNMP where I couldn't see the Data Inputs in Splunk 6.4.2.
https://answers.splunk.com/answers/427846/clicking-on-data-inputs-shows-500-internal-server.html
This has been fixed in 6.4.3.

Just now getting back to working on getting SNMP traps into Splunk. I'm not sure what fixed the problem, however the server I'm running Splunk on has three NICs attached to 3 different subnets. The traps in the Data Input were set to localhost. Using wireshark I could see what address the SNMP traps were being addressed to, added that IP to my SNMP trap in the Data Inputs and data began to flow into splunk. Haven't gotten polling working, but that's a different issue.

Pretty sure I tried those different IP addresses in the past, but not 100% sure.

Many thanks to jkat54 & pmeyerson for their help!

View solution in original post

Trying to get SNMP data into Splunk...

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!