I am trying to send SNMP traps from Cisco wireless controllers to our universal forwarder which has net-snmp installed. While I have it working and data is getting to the indexer, I have a few problems listed below. Note that I cannot send traps directly to splunk. All data needs to hit the UF first.
SNMP output is not clean
With the STRING, INTEGER, and other random output between the key values, it's causing Splunk to incorrectly parse them. A hacky way would be for me to use SEDCMD to remove this data in props.conf but it is not working. My assumption is SEDCMD does not work on a Windows indexer but I've been told it should. Is there a better way with net-snmp to prevent this?