snmp_ta module version 1.5: all data received is s...

Getting Data In

Hi,

I'm using snmp_ta with the newest version 1.5 with an eval key. We have set up the snmp configuration in splunk successfully.

The stanza looks as follows:

[snmp://OtcsMaThreadPerformance]
activation_key = 91C3A8052D3B6BB033AC165FDF24462E
destination = host
do_bulk_get = 0
do_get_subtree = 1
index = otcs 
ipv6 = 0
mib_names = MONITORING_AGENT_MIB
object_names = .1.3.6.1.4.1.14876.4.2.1.1
port = 162
response_handler = MonitoringAgentResponseHandlerThread
snmp_mode = attributes
snmp_version = 2C
snmpinterval = 60
sourcetype = OtcsMaThreadPerformance
split_bulk_output = 1
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
host = host
disabled = 0

I can see that Splunk is receiving specific data (such as host name information), but all other information has 0 values. see screenshot: https://ibb.co/Zg6BzrJ

In the past, I managed to configure snmp for this solution, so I have working examples.

Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Are you a member of the Splunk Community?