Solved: Re: SNMP Traps not Captured

rbacon · ‎06-16-2014

I'm having a similar problem to a recent post which also has not been solved (at this time). I've installed SNMP Modular input and configured as described on it's Splunk Apps page but it's not indexing the incoming data. I have verified that the SNMP data is making it to my system via Netcat and Wireshark.

Is it necessary to provide MIBs in the SNMP inputs for Modular Input to work or will it not still index without any listed? I've left that configuration empty for the time being.

I running Ubuntu 14.4 and Splunk 6.1.

Thanks.

rbacon · ‎07-24-2014

I removed all MIBS from snmp data input configuration and it started working. I'm not totally sure why this works but I think it's because the manufacturer of the device I'm monitoring has provided a MIB that is very poorly written. It's seems to be missing some key value pairs that I would think necessary.

View solution in original post

rbacon · ‎07-24-2014

I removed all MIBS from snmp data input configuration and it started working. I'm not totally sure why this works but I think it's because the manufacturer of the device I'm monitoring has provided a MIB that is very poorly written. It's seems to be missing some key value pairs that I would think necessary.

rbacon · ‎07-02-2014

Anyone have a similar issue?

rbacon · ‎06-18-2014

Thanks Damien. I sent the Wireshark-captured trap.

Damien_Dallimor · ‎06-16-2014

Can you email me a wireshark capture of the traps that are not showing up in Splunk ? ddallimore@splunk.com

SNMP Traps not Captured

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases