Firstly, I am new to Splunk (so apologies if this is very simple).
Secondly, I have a working SNMP file being written to, and I have the MIBs loaded so that the OIDs are being converted into meaningful English. I would like to email "parts" of the information from this based on alerts; however, I am not allowed to send the full "raw" output as it contains information I need to remove (hostname / IP). However, if I try the -filter hostname ip, as the input information is listed as rawid it does not get stripped.
Am I correct in thinking that if I index this file, I would then be able to filter out extra parts? If so, how?
Or do I need to revert to command line passing of the SNMP file and searching for the text / parts I am interested in?
Thank you for any advice.
I have a Red Hat Splunk server and my bash scripting is not up to the task.
Anthony