All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

snmp mod input retrieving more than it should with get bulk

chris_thuys
Path Finder
‎09-11-2014 12:40 AM

I am using get bulk to download specific columns of the interfaces table ifTable. I do this in an attempt to reduce the amount of data being stored into splunk.

My snmp input works but retrieves more than it should when using get bulk. I retrieve
1.3.6.1.2.1.2.2.1.13 using get bulk and it retrieves all of that branch (102 entries) plus 23 from the next branch. This would be fine except where I also retrieve the next column 1.3.6.1.2.1.2.2.1.13 which retrieves the branch again (102 reentries) leaving me with 125 entries for that branch. The net result when trying to graph the result of he counter types is bad data as they are counter values and you need to use the delta function to calculate the amount of data sent.
Any idea how to get this module to retrieve only the branch requested ala get subtree ?

copy of inputs.conf below.

[snmp://Brocade switch ifInOctets]
communitystring = knotpublic
destination = perat8fca01
do_bulk_get = 1
index = snmp_unix
ipv6 = 0
object_names = 1.3.6.1.2.1.2.2.1.10,1.3.6.1.2.1.2.2.1.13,1.3.6.1.2.1.2.2.1.14
snmp_mode = attributes
snmp_version = 2C
snmpinterval = 120
sourcetype = snmp-get
split_bulk_output = 1
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

Tags (1)
0 Karma
Reply

chris_thuys
Path Finder
‎09-12-2014 01:21 AM

The answer would seem to be a result of the difference between getBulk and nextCmd.
To return the values from a subtree next Cmd should be used.

I solved this issue by editing the SNMP Modular Input app and adding another check box to allow get subtree using the nextCmd function.

I had to edit snmp.py, inputs.conf.spec, and default/data/ui/manager/snmp_manager.xml

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...