Send SNMP using NetSNMP from an Alert

rhysjones
Path Finder

Hi,

I have successfully configured Splunk to send SNMP alerts using NetSNMP via a cmd script file. All good there.

The scenario I have is that I manufacture a node-up / node-down alert based on contents of log files. The log files tell me if a certain component of the software being monitored is functional. This alert works correctly when sent as an email; I effectively return a node-up or node-down as appropriate.

The issue I am having is that the search I run is fairly lengthy and has numerous commas and so forth in it. When I pass it out to the script, because the full script is passed, I am having issues with what actually gets generated for NetSNMP. I am therefore trying to work out a good way of generating a "useful" SNMP trap to send. Instead what I get is bits of the query separated by commas.

I have done a bunch of reading, but haven't actually managed to work out if there is a way I can successfully do this. I considered passing the .gz file, but its location doesn't appear in the text that is output to the command line (it appears in the Splunk event logs, just not in the debug output from the cmd batch script). I am guessing it is because of a length limitation maybe?

Any thoughts? Should I be going to Perl?

Thank you for any hints.

0 Karma
1 Solution

rhysjones
Path Finder

I finally got a chance to revisit this and discovered I had started one document too far... I have switched from parameters to environment variables and it's all good!!

http://docs.splunk.com/Documentation/Splunk/6.1.4/Alert/Configuringscriptedalerts

0 Karma
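The switch from parameters to environment variables described in the solution above, as an added example that is not part of the original post and is written in Python rather than the cmd file the thread uses. It reads Splunk's `SPLUNK_ARG_n` scripted-alert variables and passes each value to Net-SNMP's `snmptrap` as one argument, so commas and quotes never split it; the receiver address, community string and OIDs are placeholders assumed for illustration.

```python
import os
import re
import subprocess

# Placeholders (assumptions, not from the thread): receiver, community, OIDs.
TRAP_HOST = "192.0.2.10"
COMMUNITY = "public"
TRAP_OID = "1.3.6.1.4.1.99999.1"      # placeholder enterprise trap OID
VARBIND_BASE = "1.3.6.1.4.1.99999.2"  # placeholder varbind subtree

# Splunk scripted-alert environment variables worth putting in a trap.
# The raw search string (SPLUNK_ARG_2/3) is deliberately left out.
FIELDS = [
    ("SPLUNK_ARG_4", 1),  # name of the saved search / alert
    ("SPLUNK_ARG_5", 2),  # trigger reason
    ("SPLUNK_ARG_6", 3),  # browser URL to view the results
    ("SPLUNK_ARG_8", 4),  # path to the gzipped results file
]
MAX_LEN = 255  # cap each string varbind at a conservative length


def clean(value):
    """Collapse control characters and newlines to spaces, then cap the length."""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", value).strip()[:MAX_LEN]


def build_snmptrap_argv(env):
    """Return the snmptrap argument vector; each value is exactly one element."""
    # The empty string is the uptime argument: snmptrap fills in the current value.
    argv = ["snmptrap", "-v", "2c", "-c", COMMUNITY, TRAP_HOST, "", TRAP_OID]
    for name, index in FIELDS:
        value = clean(env.get(name, ""))
        if value:
            argv += [f"{VARBIND_BASE}.{index}", "s", value]
    return argv


def send_trap(env):
    # List form with no shell: commas, quotes, | and & in values stay literal.
    return subprocess.run(build_snmptrap_argv(env), check=True, timeout=30)


if __name__ == "__main__":
    send_trap(os.environ)
```
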

jplumsdaine22
Influencer

Where are you generating the SNMP string? In Splunk itself? Or in NetSNMP? And by NetSNMP do you mean this thing?
http://www.net-snmp.org/

0 Karma

rhysjones
Path Finder

Hello,
Thank you for the response. I basically just followed this article: http://wiki.splunk.com/Community:Sending_SNMP_Traps_On_Windows

I use a standard "alert" and get it to run a script. The script is a cmd file that runs Net-SNMP with a set of parameters, including some of the content sent to it by the Splunk alert.

0 Karma