All Apps and Add-ons

cannot get search result by snmp modular input

akdake
Explorer

now I am meeting difficulty in using snmp moudule inputs,

The OS platform is centos 5.9 , I have installed pyasn and pysnmp,
I create input in snmp moudule,as following

[snmp://172.17.1.4]
communitystring = siten
destination = 172.17.1.4
do_bulk_get = 0
index = eddy
ipv6 = 0
mib_names = CISCO-C2900-MIB,IP-MIB,IF-MIB
port = 161
snmp_mode = attributes
snmp_version = 1
sourcetype = snmp
split_bulk_output = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

Howerver, I cannot get the search result, I am sure the snmp polling target 172.17.1.4 is available, wich can be accessed by other snmp tools.
who can tell me what is the trouble? and details setup step? Please, Thanks a lot.

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

First of all , "... I have installed pyasn and pysnmp..."

You don't have to do this , nor is this documented. All the dependent python packages are bundled in with the SNMP Modular Input.

Now some observations and tips :

Any errors in the logs ? Search in splunk such as : "index=_internal ExecProcessor error snmp.py"

I see you have overridden the default sourcetype of "snmp_ta" with "snmp". Any reason why ?

What search are you using that is not showing up anything ? what timeframe are you searching over ?

Have you converted your CISCO-C2900-MIB mib correctly and placed the CISCO-C2900-MIB.py file (named as such) in snmp_ta/bin/mibs ?

View solution in original post

Damien_Dallimor
Ultra Champion

First of all , "... I have installed pyasn and pysnmp..."

You don't have to do this , nor is this documented. All the dependent python packages are bundled in with the SNMP Modular Input.

Now some observations and tips :

Any errors in the logs ? Search in splunk such as : "index=_internal ExecProcessor error snmp.py"

I see you have overridden the default sourcetype of "snmp_ta" with "snmp". Any reason why ?

What search are you using that is not showing up anything ? what timeframe are you searching over ?

Have you converted your CISCO-C2900-MIB mib correctly and placed the CISCO-C2900-MIB.py file (named as such) in snmp_ta/bin/mibs ?

0 Karma

akdake
Explorer

error log
[11/Jul/2014:15:13:31.161 +0800] "GET /zh-CN/api/shelper?snippet=true&snippetEmbedJS=false&namespace=search&search=search+index%3D_internal+ExecProcessor+error+snmp.py&useTypeahead=true&useAssistant=true&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1405088827900 HTTP/1.1" 200 628 "https://172.16.11.26:8000/zh-CN/app/search/search?q=search%20index%3D_internal%20%20snmp.py&earliest..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36" - 53bf8e9b295115410 29ms

0 Karma

Damien_Dallimor
Ultra Champion

First of all , "... I have installed pyasn and pysnmp..."

You don't have to do this , nor is this documented. All the dependent python packages are bundled in with the SNMP Modular Input.

Now some observations and tips :

Any errors in the logs ? Search in splunk such as : "index=_internal ExecProcessor error snmp.py"

I see you have overridden the default sourcetype of "snmp_ta" with "snmp". Any reason why ?

What search are you using that is not showing up anything ? what timeframe are you searching over ?

Have you converted your CISCO-C2900-MIB mib correctly and placed the CISCO-C2900-MIB.py file (named as such) in snmp_ta/bin/mibs ?

akdake
Explorer

Many thanks for suggestion,
1. sourcetype name has been changed as "snmp_ta", however , maybe the sourcetype name is not the key point

  1. I just to check the result by search "index=eddy" ,

3.some network device, for example, cisco 2900, 3560, Juniper ex220 , Are these MIBS included in the default egg? which mibs should i choose to polling these devices? just for CPU ,MEM,INTERFACE, or i have to import customer mib? Please give me more guide ,

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...