Solved: How do you set/change the default index for SNMP M...

chris_thuys · ‎08-31-2014

How do you set/change the default index, I know there is an index drop down in the more settings section. On mine it only has default. How can I add extra indexes to this dropdown.
My splunk setup uses separate indexer and search head.

Damien_Dallimor · ‎09-01-2014

I presume then that you have tried to install the Modular Input on a Search Head where you don't have your indexes defintions, hence , no indexes in the drop down ?

Furthermore , it is incorrect to install the Mod Input here in a distributed architecture. You should install it on an Indexer or Forwarder node. In this scenario you can then setup the SNMP stanza by editing inputs.conf directly.

View solution in original post

Damien_Dallimor · ‎09-01-2014

I presume then that you have tried to install the Modular Input on a Search Head where you don't have your indexes defintions, hence , no indexes in the drop down ?

Furthermore , it is incorrect to install the Mod Input here in a distributed architecture. You should install it on an Indexer or Forwarder node. In this scenario you can then setup the SNMP stanza by editing inputs.conf directly.

chris_thuys · ‎09-01-2014

As this is a test environment and I am not an administrator for this splunk implementation, snmp mod input was installed on the search head. I have discovered that the reason I could not change the index was my lack of appropriate access. The admin has the access and was able to change the index for me.

How do you set/change the default index for SNMP Modular Input?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases