1

I just installed this app and found it simple to set up... but I must be doing something wrong. I've created Trap information on my two UPS devices and haven't had any luck bringing them into Splunk. I enabled SNMP, all versions, and then I added the IPs for the Traps to point to and included my Splunk Cloud DNS name, Deployment IP, HF and UF, and haven't seen anything come in.

It also says the default sourcetype it has is snmp_ta.

**Activation Key:** Using 14 day free trial

**Log Level:** INFO

**SNMP Mode:** Listen For Traps (I've also tried DEBUG)

**SNMP Version:** 2C

I left everything else blank except:

SNMP Trap listener settings: I put the IP address of the UPS I'm trying to get the information from. Source type: Manual and snmp_ta

I'm still not seeing any data flowing into Splunk. Our underlying Splunk hosts are located on the same network as the UPS devices. They are separated by a VLAN, but when connected to the network via VPN I'm able to ping the UPS devices, so I don't think that should be an issue, since I can see the IP addresses showing up within Splunk, however through the sourcetype=dhcp.

What mistake am I making? Maybe the data is coming in and I'm just not searching for it properly?

  • A similar question was recently asked on [/r/Splunk](https://www.reddit.com/r/Splunk/comments/weklrf/splunk_snmp), too. Maybe answers here (and there) can help each other out – warren Aug 04 '22 at 21:42

1 Answer

0

Could you maybe share the way you set up the add-on? I'm having a bit of a hard time trying to understand a few issues:

  1. Talking about a distributed environment: what infra members did you set it on (HF, SH, INDEXER)?

  2. What ports does it require to open on the Splunk instance to allow a data flow from the SNMP agent to the SNMP manager, besides the 161, 162 SNMP ports? Do you need to open a new receiving/listening port in each new stanza in inputs.conf, or can you use the same one?

  3. If I want to send the data from polling/trap to more than one index - do I need to open multiple ports or can I use the same port for more than one index?

  4. Does the SNMP data need to be stored in an event index or a metric index?

  5. Where can I find more documentation on the SNMP add-on subject? (Besides the developer documentation and the Splunk community sites). Thanks in advance!

nic
  • 1