SNMP Modular Input: How to use a single input to query multiple hosts?

ikt_kongsbakken
Explorer

Hello,

I've had much success after loads of testing with SNMP Modular Input to both register traps and polling devices.
However, now that I am trying to use a single input to poll multiple devices, I am getting errors.

In the destination field of my poll, I have configured 2 IPs for two different devices. In the stanza it is configured as:
10.6.2.15,10.6.2.18
However, according to Wireshark, a GET-REQUEST is only sent to the first host.
I've tried multiple versions, like 10.6.2.15/18, 10.6.2.15,18 etc. but those do not work at all.

Have I misconfigured or is it not possible yet to query multiple hosts?
Both hosts are from the same vendor, so all other values are correct.

1 Solution

ikt_kongsbakken
Explorer

It seems that when you press "save", the modular input tries something that doesn't work, thereby generating that error.
The automatic poll after time seems to work okay. I am now getting answers from both hosts.

I think it might be an error during the save when editing the input with SNMP Modular Input.

0 Karma

n00badmin
Communicator

Have you checked splunkd.log for errors?

$SPLUNK_HOME/var/log/splunk/splunkd.log

or

Search -> index=_internal ExecProcessor error snmp.py

0 Karma

ikt_kongsbakken
Explorer

Getting this message:

message="message from \"python \"C:\Program Files\Splunk\etc\apps\snmp_ta\bin\snmp.py\"\" Exception with getCmd to 10.6.2.18:161: MIB subtree (1, 3, 6, 1, 6, 3, 10, 2, 1, 4, 0) already registered at MibScalar((1, 3, 6, 1, 6, 3, 10, 2, 1, 4), Integer32()) snmp_stanza:snmp://Poll"

Is it because it is polling the same OIDs from two different devices, using single gets per OID value?

EDIT:
The OID 1.3.6.1.6.3.10.2.1.4 refers to snmpEngineMaxMessageSize
Maybe it is unable to send both requests since their lengths together would be approximately 335.

0 Karma
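
Added example, not part of the original thread or of the SNMP Modular Input code: a small Python triage helper that reads `snmp.py` exception messages of the shape quoted above and reports, for one stanza, which hosts in a comma-separated `destination` value logged an exception. The function names, the second and third sample lines, and the `snmp://Other` stanza are constructed for illustration.

```python
import re

# Tail of the ExecProcessor message quoted in the thread:
#   Exception with getCmd to <host>:<port>: <detail> snmp_stanza:<stanza>
# Host pattern covers IPv4 addresses and hostnames only (assumption).
SNMP_ERR = re.compile(
    r'Exception with (?P<cmd>\w+) to (?P<host>[^\s:]+):(?P<port>\d+): '
    r'(?P<detail>.*?) snmp_stanza:(?P<stanza>[^\s"]+)'
)

def parse_snmp_errors(lines):
    """Return one dict per snmp.py exception line; other lines are skipped."""
    return [m.groupdict() for m in map(SNMP_ERR.search, lines) if m]

def failures_by_destination(lines, stanza, destination):
    """Map each host of a comma-separated destination value to its errors."""
    report = {h.strip(): [] for h in destination.split(",") if h.strip()}
    for err in parse_snmp_errors(lines):
        # Ignore other stanzas and hosts that are not configured in this one.
        if err["stanza"] == stanza and err["host"] in report:
            report[err["host"]].append(f'{err["cmd"]}: {err["detail"]}')
    return report

# Constructed sample input modeled on the message in the thread.
SAMPLE = [
    r'message="message from \"python \"C:\Program Files\Splunk\etc\apps\snmp_ta\bin\snmp.py\"\" Exception with getCmd to 10.6.2.18:161: MIB subtree (1, 3, 6, 1, 6, 3, 10, 2, 1, 4, 0) already registered at MibScalar((1, 3, 6, 1, 6, 3, 10, 2, 1, 4), Integer32()) snmp_stanza:snmp://Poll"',
    r'message="unrelated constructed line without an SNMP exception"',
    r'message="message from \"python \"C:\Program Files\Splunk\etc\apps\snmp_ta\bin\snmp.py\"\" Exception with getCmd to 10.6.2.15:161: constructed error text snmp_stanza:snmp://Other"',
]

if __name__ == "__main__":
    report = failures_by_destination(SAMPLE, "snmp://Poll", "10.6.2.15,10.6.2.18")
    for host, errors in report.items():
        print(host, "->", errors or "no exception logged")
```

A host with an empty list only means no exception was logged for it in the lines supplied, so a packet capture is still needed to confirm the request actually left the forwarder.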

n00badmin
Communicator

What does your config look like? Are you doing gets to multiple OIDs on these hosts?

0 Karma

ikt_kongsbakken
Explorer

[snmp://Poll]
communitystring = asdf
destination = 10.6.2.15,10.6.2.18
do_bulk_get = 0
ipv6 = 0
mib_names = MIB1-MIB,MIB2-MIB
object_names = OID1,OID2,OID3,OID4
port = 161
snmp_mode = attributes
snmp_version = 1
snmpinterval = 3600
sourcetype = snmp_ta
split_bulk_output = 0

Same OIDs for both devices. Comma delimited, GETs only.
Using an OID viewer, I tried to do a GET-BULK, but it seems to crash the device I tested, because then I need to reboot the device in order to do a GET afterwards.

0 Karma