My situation is: I have installed Net-SNMP and configured it to receive traps into snmptrapd.log. I have also installed Splunk and configured the following script in the input.conf file:
[monitor://c:\usr\log\snmptrapd.log]
disabled = false
host = snmplog
index = default
sourcetype = snmptrap
alwaysOpenFile = 1
Finally, I can also get the log in Splunk.
(1) Now I have a question: I want to record/export the log from the index or from the raw data to another txt file, or some other file, so that the log is available for me to see periodically in Splunk. Does Splunk provide this function? If so, how?
(2) I also want to clear snmptrapd.log periodically, in Splunk or by some other method, because I think there will be a large amount of log data in snmptrapd.log, and I cannot delete the script in snmptrapd.log unless I stop the SNMP service. When snmptrapd.log cannot receive more data, I don't know what will happen. Can Splunk handle this problem?