When polling DOCSIS 64-bits OIDs I noticed that I must add the OID instance value in order for data to be received for that OID. For example: when the Object Name List: iso.3.6.1.2.1.10.127.1.1.4.1.2, iso.3.6.1.2.1.10.127.1.1.4.1.3, iso.3.6.1.2.1.10.127.1.1.4.1.4; data is collected as expected. When Object Name List: iso.3.6.1.2.1.10.127.1.1.4.1.8, iso.3.6.1.2.1.10.127.1.1.4.1.9, iso.3.6.1.2.1.10.127.1.1.4.1.10; then data is not collected at all. However, when I add the instance values to these OIDs then data is collected as expected - the Splunk configuration should not depend on the instance values. Furthermore, this behavior exists whether I choose bulk-get or not. My experience with this problem is within the DOCSIS MIB domain; as a result, I cannot comment as to the scope of this problem related to other MIBs. Any suggestions to work around this problem would be appreciated.
Hello,
I have a problem with 64 bits OID too :
I wish poll my switch since my Splunk Server but i don't manage for 1 OID (which worked before).
This oid is :
1.3.6.1.2.1.31.1.1.1.10.23 = Counter64: 12345678910111
I try to receive the octet's number for the interface 23.
When i do snmpwalk on my SPLK server with cmd , that works!
Sample Search :
SNMPv2-SMI::mib-2."31.1.1.1.10.24" = "41469708067658"
host = 192.168.X.X
index = switch
linecount = 1
source = snmp://switch_traffic_total_XXXXX
sourcetype = snmp_switch
splunk_server = XXXXXX
SNMPv2-SMI::mib-2."31.1.1.1.10.22" = "3541544"
host = 192.168.X.X
index = switch
linecount = 1
source = snmp://switch_traffic_total_X
sourcetype = snmp_switch
splunk_server = XXXXXXX
This is my conf :
[snmp://switch_traffic_total_XX]
communitystring = comvie
destination = 192.168.X.X
do_bulk_get = 1
do_get_subtree = 0
index = switch
ipv6 = 0
object_names = 1.3.6.1.2.1.31.1.1.1.6, 1.3.6.1.2.1.31.1.1.1.10
snmp_mode = attributes
snmp_version = 2C
snmpinterval = 120
sourcetype = snmp_switch
split_bulk_output = 1
trap_rdns = 0
disabled = 0
Any Suggestions ? Thanks !!!
Bye
Presuming you are talking about the SNMP Modular Input.
What versions of everything are you on ?
What does your inputs.conf config look like ?
Any "relevant" error messages ?
--- Versions . . .
Splunk version 6.2.0 on Ubuntu
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
/opt/splunk/etc/apps/search/local/inputs.conf
[snmp://cmCodewordErrors]
destination = 10.250.41.132,10.250.41.133
do_bulk_get = 1
ipv6 = 0
object_names = iso.3.6.1.2.1.10.127.1.1.4.1.8, iso.3.6.1.2.1.10.127.1.1.4.1.9, iso.3.6.1.2.1.10.127.1.1.4.1.10
snmp_mode = attributes
snmp_version = 2C
sourcetype = snmp_ta
split_bulk_output = 1
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
disabled = 1
mib_names = DOCS-IF-MIB
snmpinterval = 60
do_get_subtree = 0
trap_rdns = 0
Error Messages - Yes - but text is too large to include here. Try this link to download:
https://www.dropbox.com/sh/awrzoms9cu02i4l/AAD_J-74fxX8aHPyDuzJO0Sda?dl=0