How to integrate SNMP data sources into Splunk Ent...

TAE · ‎03-25-2022

Does anyone have suggestions on integrating a SNMP enabled device into Splunk Enterprise? I'm very new to Splunk and have been asked to integrate an SNMP enabled device into our Splunk Enterprise. I think I need to somehow link a Forwarder to the device and have the Forwarder act as a receiver of device's information. Once that data is in the Forwarder, I think it should be processed by an associated Indexer and then it should be available within Splunk. Is that correct or do I misunderstand?

PickleRick · ‎03-25-2022

There are several ready-made apps on splunkbase for polling data with SNMP. You could try one of these.

You can also simply try wrapping simple snmpget/snmpwalk from snmp tools into some kind of script, call it from cron and save results to a file. Then you can easily ingest the data from file.

In case of SNMP traps I think it's easiest to just run snmptrapd and ingest its logs.

How to integrate SNMP data sources into Splunk Enterprise?

indexer

intermediate forwarder

Linux

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation