Getting Data In

snmpget with splunk

cpuppet
Path Finder

has anyone ever work with polling system information using snmpget and write it into files
or using a scripted data input to poll them using snmpget?

this is critical for my client who can only offer snmp as the only way to get data from the devices

Tags (1)
1 Solution

sbrant_tt
Explorer

So, if you wanted to spin it into a key=value pair to make it nice and easy for Splunk, you could do something in Python like this:

import subprocess, re

snmp_proc = subprocess.Popen('snmpget -v <snmp version> -c <community string> <IP> <OID>', shell=True, stdout=subprocess.PIPE)
raw_oid_value = snmp_proc.stdout.read()
oid_value = re.match('^.*Counter64:\s(?P<number>.*?)$', raw_oid_value)
print "snmp_key=" + oid_value

Or, you could just use something simple from a sh script and do all of the parsing in Splunk:

snmpget -c <community string> -v <snmp version> <IP> <OID>

View solution in original post

oscarjoedaly
New Member

Not to be picky about the example provided, but shouldn't it be something like:

...
oid_value = re.match('^.Counter64:\s(?P.?)$', raw_oid_value)
if oid_value:
print "snmp_key=" + oid_value.group(1)

0 Karma

sbrant_tt
Explorer

So, if you wanted to spin it into a key=value pair to make it nice and easy for Splunk, you could do something in Python like this:

import subprocess, re

snmp_proc = subprocess.Popen('snmpget -v <snmp version> -c <community string> <IP> <OID>', shell=True, stdout=subprocess.PIPE)
raw_oid_value = snmp_proc.stdout.read()
oid_value = re.match('^.*Counter64:\s(?P<number>.*?)$', raw_oid_value)
print "snmp_key=" + oid_value

Or, you could just use something simple from a sh script and do all of the parsing in Splunk:

snmpget -c <community string> -v <snmp version> <IP> <OID>

RubenOlsen
Path Finder

What you are asking is no different that any other scripted inputs.

The only advice is to reformat the data from your snmpget command to something very suitable for Splunk (i.e. key=value).

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...