Index SNMP events with Splunk

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Index SNMP events with Splunk

The most effective way to index SNMP events is to use snmptrapd to write them to a FIFO.

First, configure snmptrapd to write to a FIFO rather than to a file on disk.

# mkfifo /var/run/snmp-fifo
# snmptrapd -o /var/run/snmp-fifo

Then, configure the Splunk Server to add the FIFO as a data input.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.2.4/Admin/IndexSNMPEventsWithSplunk"

« Determine what files Splunk is tailing log4j »

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!

Admin Manual

Index SNMP events with Splunk

Index SNMP events with Splunk

Comments