Hi All,
I have just installed SNMP Modular Input and started to receive some SNMP traps. I can see some SNMP packets coming in but the problem is that the reporting IP is not shown in the output. I have no idea which remote IP is sending which traps. All I see is "host=None" in the snmp trap data.
Any suggestions as to what I am doing wrong would be gratefully received.
This could be an issue with the fact that when you upgraded to splunk 'X' version and have an app installed which is not supported in that version. You should uninstall this X version of app and restart Splunk to see inputs
I am having the same issue. Splunk is receivign SNMP traps for multiple servers but I can't seem to find a way to differentiate them as they all have 'host=None' in the data.
Did you find a way to find the remote server details from the events?
Just a suggestion : Try configureing trapping of the correct OID on the Switch (Object Names List : iso.org.dod.internet.mgmt.mib-2.system.... )