SNMP_TA: Is it possible to install it on an indexer?

teddyidc1101
Communicator

Hi - we have a distributed deployment in place for Splunk. We wanted to use the SNMP_TA to poll. We have it installed on the UF and HF.

But later we found out that the UF/HF doesn't have a connection to the SNMP servers, and we are getting the errors below:
Error logs:
“SNMP message serialization error snmp_stanza:snmp://mtx_proc_site_1_1”
“No SNMP response received before timeout snmp_stanza:snmp://mtx_proc_site_1_1”

Since the indexer has the prod connection, can we install the SNMP_TA app on the indexer to access the SNMP prod servers?
If yes, will there be any implications in the distributed environment (will it confuse the Splunk components)?

Thank you!

1 Solution

xpac
SplunkTrust

It should be possible; however, I wouldn't advise doing this, as indexers shouldn't run such inputs. I'd suggest you either get one of your existing UFs or HFs to be able to access those SNMP targets, or set up another UF/HF in the right place so it's able to do this.

teddyidc1101
Communicator

Thank you for your response, @xpac. Do you see any impact if SNMP_TA is implemented on the indexer? We are considering the option due to the connection setup that has to be done in the environment. We need the data to be ingested. Thanks!

0 Karma

ansif
Motivator

Hi @teddyidc1101

If @xpac's answer helped you, then accept his answer. He deserves the karma points then.

teddyidc1101
Communicator

OK, done accepting.

0 Karma

niketn
Legend

@teddyidc1101, you should unaccept your answer and then accept @xpac's answer. You can definitely upvote all the answers/comments that helped using the Up Arrow.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

ansif
Motivator

Consider the current overhead on your indexer; if it is fine to handle the SNMP polling or trap processing, then go ahead and deploy.

Splunk does not restrict an instance from acting as multiple Splunk components; only performance matters.
