I've just configured my first Splunk server (Ubuntu 11.04) with snmptrapd logging to /var/log/snmp-traps as per http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk - this works well, but all SNMP messages then appear in Splunk as coming from one host (i.e., the Splunk server).
How can I make Splunk receive traps and display their correct source host? (Is this possible?)
TIA!