I have a requirement to generate an SNMP trap and forward it to a monitoring tool whenever a particular log message is received by Splunk. I can't seem to find anything like this in either the product or in an app. The only thing I can think of doing is to configure a forwarder in Splunk to send a copy of these messages to an intermediate process (that I'll build) that will convert the message into an SNMP trap.
Is there any other way to do this? If not, I've never configured a forwarder before. If I set up a forwarder on Splunk that forwards only specific messages, will this forward a copy of the message or will it "consume" the message? I want to be able to still query these messages in Splunk - I just want the additional notification sent via SNMP.