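#!/usr/bin/perl
# Splunk alert script: reads the first result row of a saved search's
# gzipped CSV output and forwards it as an SNMP v2c trap (via snmptrap)
# to up to three trap receivers.
use strict;
use warnings;
use Text::CSV;

# SNMP destination hosts (host[:port]); several entries for a clustered env.
# Replace the placeholders before use - a placeholder left in is passed to
# snmptrap unchanged.
my $hostPortSNMP1 = "<IPADDRESS1>";
my $hostPortSNMP2 = "<IPADDRESS2>";
my $hostPortSNMP3 = "<IPADDRESS3>";
my @hosts = ($hostPortSNMP1, $hostPortSNMP2, $hostPortSNMP3);

my $snmpTrapCmd = "/usr/bin/snmptrap"; # Path to snmptrap executable, from http://www.net-snmp.org
# SNMP v2c community string. v2c carries it in cleartext on the wire and
# "public" is the well-known default; set it to match the trap receiver.
my $community = "public";
# Agent-address argument that snmptrap expects right after the host.
my $agentAddr = "<sending host field>";
my $TRAPOID = "1.3.6.1.4.1.27389.1.2"; # Object IDentifier for traps/notifications, Splunk Enterprise OID is 27389
my $OID     = "1.3.6.1.4.1.27389.1.1"; # Object ID for objects

# Positional arguments Splunk passes to an alert script.
my $searchCount  = $ARGV[0]; # $1 - Number of events returned
my $searchTerms  = $ARGV[1]; # $2 - Search terms
my $searchQuery  = $ARGV[2]; # $3 - Fully qualified query string
my $searchName   = $ARGV[3]; # $4 - Name of saved search
my $searchReason = $ARGV[4]; # $5 - Reason saved search triggered
my $searchURL    = $ARGV[5]; # $6 - URL/Permalink of saved search
my $searchTags   = $ARGV[6]; # $7 - Always empty as of 4.1
my $searchPath   = $ARGV[7]; # $8 - Path to raw saved results in Splunk instance (advanced)

die "usage: $0 <count> <terms> <query> <name> <reason> <url> <tags> <results path>\n"
    unless defined $searchPath && length $searchPath;

# Splunk hands over a gzipped CSV. Decompress in place with list-form
# system() so the path is never interpreted by a shell (the original
# backticks interpolated it). Strip the suffix instead of chopping three
# characters blindly, and leave an already-uncompressed path alone.
if ($searchPath =~ /\.gz\z/) {
    my $rc = system('gunzip', $searchPath);
    die "gunzip $searchPath failed: " . ($rc == -1 ? $! : "exit status " . ($? >> 8)) . "\n"
        if $rc != 0;
    $searchPath =~ s/\.gz\z//;
}

# Lexical handle, 3-arg open, and $! (not $1) in the error message.
open my $csv_fh, '<', $searchPath or die "cannot open file $searchPath: $!";
<$csv_fh>;                     # first line is the column header
my $line = <$csv_fh>;          # only the first result row is sent
close $csv_fh;
die "no result row in $searchPath\n" unless defined $line;
chomp $line;

# Real CSV parsing: a quoted message field may itself contain commas,
# which a plain split(",") would break apart. binary => 1 lets non-ASCII
# bytes in the message through instead of failing the parse.
my $csv = Text::CSV->new({ binary => 1 });
$csv->parse($line) or die "cannot parse CSV row: " . $csv->error_diag() . "\n";
my @columns = $csv->fields();
# The values are embedded inside double-quoted log fields below, so strip
# any remaining double quotes, as the script always did.
s/"//g for @columns;
# Column mapping from Splunk: [0]=time [1]=assignment group [2]=host
# [3]=severity [4]=message. A short row yields '' rather than undef.
for my $i (0 .. 4) {
    $columns[$i] = '' unless defined $columns[$i];
}

# Debug log of what gets sent; comment these three lines out to silence it.
open my $log_fh, '>>', '/splunk/splunk_alert.log' or die "cannot open output file:$!";
print {$log_fh} "$columns[0],support_group=\"$columns[1]\",host=$columns[2],severity=\"$columns[3]\",message=\"$columns[4]\"\n";
close $log_fh or die "cannot close /splunk/splunk_alert.log: $!";

# One trap per receiver, each carrying five string varbinds $OID.1 .. $OID.5.
my @varbinds = map { ("$OID." . ($_ + 1), 's', $columns[$_]) } 0 .. 4;
for my $host (@hosts) {
    my @args = ('-v', '2c', '-c', $community, $host, $agentAddr, $TRAPOID, @varbinds);
    # List-form system(): no shell, so field contents cannot be injected.
    my $rc = system($snmpTrapCmd, @args);
    warn "snmptrap to $host failed: " . ($rc == -1 ? $! : "exit status " . ($? >> 8)) . "\n"
        if $rc != 0;
}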