Getting Data In

Cisco SNMP Incorrect Time Indexed

robgreen1984
New Member

Hi all,

I am pulling in SNMP polling data from some Cisco devices via shell scripts in Splunk. This all works fine apart from the indexing within Splunk. As the messages I am pulling in start with the date that the Cisco OS was compiled, all of my logs are showing as coming through on the exact same date and time!

An example- At the top of my snmpwalk output, the following is displayed -

Compiled Thu 19-Jul-07 20:06

This means that every log that comes in, Splunk is seeing and logging as from this date and time. That message never changes, so everything comes through under that exact date and time which makes the logs essentially useless. Is there a way I can get Splunk to ignore this line? I am unable to easily parse it during the script process.

Thanks

Tags (3)
0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

In your shell script , can you prepend a date that you actually want to the SNMP event before outputting it to Splunk ?

Alternatively, you could disable timestamp extraction for these events in props.conf,

DATETIME_CONFIG=NONE

View solution in original post

0 Karma

Damien_Dallimor
Ultra Champion

In your shell script , can you prepend a date that you actually want to the SNMP event before outputting it to Splunk ?

Alternatively, you could disable timestamp extraction for these events in props.conf,

DATETIME_CONFIG=NONE
0 Karma

robgreen1984
New Member

One thing to note- when adding other data sources such as scanned file sources, you need to re-add the DATETIME_CONFIG line in a custom props.conf file under that Data Source

0 Karma

robgreen1984
New Member

Setting the DATETIME_CONFIG to NONE sorted that out straight away, many thanks for that.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...