Splunk® Enterprise

Getting Data In

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Send SNMP events to your Splunk deployment

Simple Network Management Protocol (SNMP) is a network protocol used to monitor network devices. SNMP data sources include polling messages and traps.

An SNMP trap represents notifications or alerts that remote agents send. In a typical network environment, a central network management system collects the SNMP traps. SNMP polling requires the following components:

  • Network agent devices that are capable of receiving polling requests
  • A polling node that queries agents to request specific status information

Where to find SNMP support for the Splunk platform

The Splunk platform does not include native support for the SNMP protocol. You can choose from multiple Splunk apps and tools that offer support for SNMP:

  • If the SNMP traps that your network management software collects are written to a log file, you can use a forwarder to monitor the log file and send the data to the Splunk platform. See Monitor files and directories with inputs.conf.
  • You can review the apps available on Splunkbase to assist you in collecting traps or polling SNMP data from the network. See the relevant apps on Splunkbase.
  • You can use Splunk Stream to collect message statistics from SNMP messages using the built-in protocol support. See the Splunk Stream Installation and Configuration Manual.

See also

If you're looking for an example of installing and configuring the snmptrapd service on Linux, review the Splunk blog post for Managing SNMP Traps with ITSI Event Analytics.

For guidance on integrating SNMP data sources into Splunk Enterprise, current Splunk customers can use OnDemand Services support offering. See Support Programs.

Last modified on 31 March, 2021
PREVIOUS
How the Splunk platform handles syslog data over the UDP network protocol
  NEXT
Monitor Windows data with the Splunk platform

This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.1.0, 8.1.1, 8.1.2, 8.1.3


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters