Solved: SNMP doesnt get any data

jadengoho · ‎05-08-2018

I do all the configuration needed but still no data ingesting in the splunk

##POLL###
[snmp://<NAME>]
communitystring = public
destination = <ip address of the server>
do_bulk_get = 0
do_get_subtree = 0
index = <index_name>
ipv6 = 0
mib_names = <SMI>,<Custom MIB's i put in .egg>
object_names = <OID's>
port = 161
snmp_mode = attributes
snmp_version = 2C
sourcetype = <sourcetype_name>
split_bulk_output = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

I deploy the addon on the universal forwarder, and reload the DS ,
But still no data ingesting .

jkat54 · ‎05-08-2018

The app requires python. Therefore it must be installed on full splunk installs (heavy forwarders,
Etc).

Thanks!

View solution in original post

jkat54 · ‎05-08-2018

The app requires python. Therefore it must be installed on full splunk installs (heavy forwarders,
Etc).

Thanks!

jadengoho · ‎05-08-2018

i try to install i tto the Heavy forwarder with python 2.7 but still no data incomming

jadengoho · ‎05-09-2018

i am getting this log
index=_internal ExecProcessor error snmp.py host="HF1

5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" Traceback (most recent call last):
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py"   File "/opt/splunk/etc/apps/snmp_ta/bin/snmp.py", line 771, in <module>
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py"     do_run()
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py"   File "/opt/splunk/etc/apps/snmp_ta/bin/snmp.py", line 475, in do_run
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py"     mibBuilder.loadModules(*mib_names_args)
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py"   File "/opt/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/smi/builder.py", line 270, in loadModules
host =  prd-usc1-a-splunk-hf1 source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
5/9/18
3:11:58.976 AM  
05-09-2018 03:11:58.976 -0400 ERROR ExecProcessor - message from "python /opt/spl

jkat54 · ‎05-09-2018

Can you share the results of this search?

index=_internal snmp.py host="HF1

koshyk · ‎05-08-2018

which conf file you are updating this? Do you have an SNMP app for this?

jadengoho · ‎05-08-2018

yes there is a SNMP app deployed to 20 Universal Forwarders.
I am updating the snmp_ta/local/inputs.conf

jadengoho · ‎05-08-2018

is it connected to this message :

INFO ExecProcessor - Removing status item "/opt/splunk/etc/apps/snmp_ta/bin/snmp.py (snmp://testing) (isModInput=yes)

SNMP doesnt get any data

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!