I found these basic instructions in the Splunk docs - http://www.splunk.com/base/Documentation/4.0.9/Admin/SendSNMPeventstoSplunk - but I'm not familiar with snmptrapd. Are there instructions anywhere on how to configure it to write to a file?
The example writes the traps to the specified file.
# snmptrapd -Lf /var/run/snmp-traps
The output will be in /var/run/snmp-traps.
This document is mostly an example of how you can wire in arbitrary data sources to splunk. The point is anything that can be caused to produce events in log file format can be fed into splunk.
snmptrapd itself is part of the net-snmp project: http://net-snmp.sourceforge.net/ If you're installing this on your system, refer first to any local documentation for your distribution's packaging of the tool, and after that, the documentation here: http://net-snmp.sourceforge.net/docs/man/snmptrapd.html
The default behavior, on UNIX, seems to be to log to syslog, while on Windows to log to the Event Log. This means that if Splunk is configured to monitor your syslog logs, or your winevent log, you will be acquiring the data. You could alternatively configure snmptrapd to write to a specific file. The manpage documents this is accomplished with -o filename
Previously, snmptrapd would accept all incoming notifications, and log them automatically (even if no explicit configuration was provided). Starting with snmptrapd release 5.3, access control checks will be applied to all incoming notifications. If snmptrapd is run without a suitable configuration file (or equivalent access control settings), then such traps WILL NOT be processed. The simplest solution is to add disableAuthorization yes to snmptrapd.conf.