All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

snmp mod input retrieving more than it should with get bulk

chris_thuys
Path Finder
‎09-11-2014 12:40 AM

I am using get bulk to download specific columns of the interfaces table ifTable. I do this in an attempt to reduce the amount of data being stored into splunk.

My snmp input works but retrieves more than it should when using get bulk. I retrieve
1.3.6.1.2.1.2.2.1.13 using get bulk and it retrieves all of that branch (102 entries) plus 23 from the next branch. This would be fine except where I also retrieve the next column 1.3.6.1.2.1.2.2.1.13 which retrieves the branch again (102 reentries) leaving me with 125 entries for that branch. The net result when trying to graph the result of he counter types is bad data as they are counter values and you need to use the delta function to calculate the amount of data sent.
Any idea how to get this module to retrieve only the branch requested ala get subtree ?

copy of inputs.conf below.

[snmp://Brocade switch ifInOctets]
communitystring = knotpublic
destination = perat8fca01
do_bulk_get = 1
index = snmp_unix
ipv6 = 0
object_names = 1.3.6.1.2.1.2.2.1.10,1.3.6.1.2.1.2.2.1.13,1.3.6.1.2.1.2.2.1.14
snmp_mode = attributes
snmp_version = 2C
snmpinterval = 120
sourcetype = snmp-get
split_bulk_output = 1
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

Tags (1)
0 Karma
Reply

chris_thuys
Path Finder
‎09-12-2014 01:21 AM

The answer would seem to be a result of the difference between getBulk and nextCmd.
To return the values from a subtree next Cmd should be used.

I solved this issue by editing the SNMP Modular Input app and adding another check box to allow get subtree using the nextCmd function.

I had to edit snmp.py, inputs.conf.spec, and default/data/ui/manager/snmp_manager.xml

0 Karma
Reply
Get Updates on the Splunk Community!

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Your Guide to Splunk Digital Experience Monitoring

A flawless digital experience isn't just an advantage, it's key to customer loyalty and business success. But ...