Send SNMP events to your Splunk deployment
Simple Network Management Protocol (SNMP) is a network protocol used to monitor network devices. SNMP data sources include polling messages and traps.
An SNMP trap represents notifications or alerts that remote agents send. In a typical network environment, a central network management system collects the SNMP traps. SNMP polling requires the following components:
- Network agent devices that are capable of receiving polling requests
- A polling node that queries agents to request specific status information
Where to find SNMP support for the Splunk platform
The Splunk platform does not include native support for the SNMP protocol. You can choose from multiple Splunk apps and tools that offer support for SNMP:
- If the SNMP traps that your network management software collects are written to a log file, you can use a forwarder to monitor the log file and send the data to the Splunk platform. See Monitor files and directories with inputs.conf.
- You can review the apps available on Splunkbase to assist you in collecting traps or polling SNMP data from the network. See the relevant apps on Splunkbase.
- You can use Splunk Stream to collect message statistics from SNMP messages using the built-in protocol support. See the Splunk Stream Installation and Configuration Manual.
If you're looking for an example of installing and configuring the
snmptrapd service on Linux, review the Splunk blog post for Managing SNMP Traps with ITSI Event Analytics.
For guidance on integrating SNMP data sources into Splunk Enterprise, current Splunk customers can use OnDemand Services support offering. See Support Programs.
How the Splunk platform handles syslog data over the UDP network protocol
Monitor Windows data with the Splunk platform
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2105, 8.2.2106, 8.2.2109, 8.2.2107, 8.2.2111, 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203 (latest FedRAMP release), 9.0.2205, 9.0.2208