SC4SNMP Setup (Receiving Data)
❗System requirements❗
You MUST follow these specs or it will not work as intended. t2.xlarge
is the most cost-effective AWS EC2 instance type for this.
- 4 cores
- 8GB memory
- 50GB storage
Steps
- On a separate machine to be used as the SC4SNMP host, follow all the steps on the Splunk Connect for SNMP using MicroK8s guide. Copied below just in case:
  ```bash
  sudo snap install microk8s --classic
  sudo usermod -a -G microk8s $USER
  sudo chown -f -R $USER ~/.kube
  sudo su - $USER
  microk8s status --wait-ready
  sudo systemctl enable iscsid
  microk8s enable helm3
  microk8s enable storage
  microk8s enable rbac
  microk8s enable community
  microk8s enable openebs
  microk8s status --wait-ready
  microk8s enable dns:208.67.222.222,208.67.220.220
  microk8s status --wait-ready
  microk8s enable metallb:<SC4SNMP_PUBLIC_IP>-<SC4SNMP_PUBLIC_IP>
  microk8s status --wait-ready
  ```
  * The DNS being used here is OpenDNS. You may use whichever you like.
- Run the command:
  ```bash
  microk8s helm3 repo add splunk-otel-collector-chart https://signalfx.github.io/splunk-otel-collector-chart
  ```
- For Splunk Observability, run:
  ```bash
  microk8s helm3 upgrade --install sck \
    --set="clusterName=<CLUSTER_NAME>" \
    --set="splunkObservability.realm=<REALM>" \
    --set="splunkObservability.accessToken=<API_INGEST_TOKEN>" \
    --set="splunkObservability.ingestUrl=https://ingest.<REALM>.signalfx.com" \
    --set="splunkObservability.apiUrl=https://api.<REALM>.signalfx.com" \
    --set="splunkObservability.metricsEnabled=true" \
    --set="splunkObservability.tracesEnabled=false" \
    --set="splunkObservability.logsEnabled=false" \
    splunk-otel-collector-chart/splunk-otel-collector
  ```
  For Splunk Enterprise/Cloud, you will need to create the indexes as described in the SC4SNMP Requirements and generate a HEC token pointing to those indexes. Then run:
  ```bash
  microk8s helm3 upgrade --install sck \
    --set="clusterName=<CLUSTER_NAME>" \
    --set="splunkPlatform.endpoint=http://<SPLUNK_ENTERPRISE_IP>:8088/services/collector" \
    --set="splunkPlatform.insecureSkipVerify=true" \
    --set="splunkPlatform.token=<SPLUNK_HEC_TOKEN>" \
    --set="splunkPlatform.metricsEnabled=true" \
    --set="splunkPlatform.metricsIndex=em_metrics" \
    --set="splunkPlatform.index=em_logs" \
    splunk-otel-collector-chart/splunk-otel-collector
  ```
- Run the commands:
  ```bash
  microk8s helm3 repo add splunk-connect-for-snmp https://splunk.github.io/splunk-connect-for-snmp
  microk8s helm3 repo update
  ```
- Save the corresponding configuration for your environment, either the Splunk Observability config or the Splunk Enterprise/Cloud config, into a file called `values.yaml`. Replace the values in all uppercase (this is where you specify which agents to poll from: look for `<SNMP_AGENT_IP>`).
- Finally, run:
  ```bash
  microk8s helm3 install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace
  ```
  When making any further changes to `values.yaml`, run:
  ```bash
  microk8s helm3 upgrade --install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace
  ```
- To see the pods created, run:
  ```bash
  microk8s kubectl get pods -n sc4snmp
  ```
- To check the logs for SC4SNMP, use the command above to get the pod names, and run:
  ```bash
  microk8s kubectl logs -f snmp-splunk-connect-for-snmp-inventory-<INVENTORY_POD_NAME> -n sc4snmp
  ```
  replacing the pod name with the last part of the "inventory" pod name. You should see a line that says `New Record address='<SNMP_AGENT_IP>'`.
- And that's it! You should now see metrics in Splunk Observability by going to Metric Finder and searching for `sc4snmp`.

  To see events in Splunk Enterprise/Cloud, search:
  ```
  index="netops" sourcetype="sc4snmp:event"
  ```
  And to see metrics in Splunk Enterprise/Cloud, search:
  ```
  | mpreview index="netmetrics" | search sourcetype="sc4snmp:metric"
  ```
- Here's an example of a dashboard that you can build with SNMP data. Download the JSON for this sample dashboard here.
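
The Splunk Enterprise/Cloud install in the steps above passes an `http://` endpoint together with `splunkPlatform.insecureSkipVerify=true`, so the HEC token and the forwarded data travel without TLS protection. The script below is an added example, not part of the original guide or of the Splunk charts: it lints the `--set` arguments before they are handed to helm. The helper names, the sample address and the sample token are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the SC4SNMP guide or the Splunk charts: lint the
# splunkPlatform.* settings before passing them to `microk8s helm3 upgrade`.
# get_set_value and audit_hec_args are hypothetical helper names.

# Print the value of one key among --set="key=value" arguments (the form the
# guide uses); prints nothing if the key is absent.
get_set_value() (
  key="$1"; shift
  for arg in "$@"; do
    kv="${arg#--set=}"                 # "--set=k=v" -> "k=v"
    [ "${kv%%=*}" = "$key" ] && printf '%s\n' "${kv#*=}"
  done
  exit 0
)

# Print one finding per line. Exit status: 0 if clean, 1 if anything was found.
audit_hec_args() (
  endpoint=$(get_set_value splunkPlatform.endpoint "$@")
  skip=$(get_set_value splunkPlatform.insecureSkipVerify "$@")
  rc=0
  case "$endpoint" in
    https://*) ;;
    http://*)
      echo "CLEARTEXT: $endpoint sends the HEC token and events unencrypted"
      rc=1 ;;
    *)
      echo "ENDPOINT: splunkPlatform.endpoint is missing or not an http(s) URL"
      rc=1 ;;
  esac
  # Even over https, skipping verification lets any certificate through, so
  # the collector cannot tell the real HEC server from an impostor.
  if [ "$skip" = "true" ]; then
    echo "NOVERIFY: insecureSkipVerify=true disables certificate checks"
    rc=1
  fi
  exit "$rc"
)

# Constructed sample: the Enterprise/Cloud settings from the step above with
# the placeholders filled in (192.0.2.10 is a documentation address and the
# token is a dummy value).
audit_hec_args \
  --set="clusterName=demo" \
  --set="splunkPlatform.endpoint=http://192.0.2.10:8088/services/collector" \
  --set="splunkPlatform.insecureSkipVerify=true" \
  --set="splunkPlatform.token=00000000-0000-0000-0000-000000000000" \
  || echo "Resolve the findings above before running the install."
```

A clean result needs an `https://` HEC endpoint whose certificate the collector can verify, with `insecureSkipVerify` left at `false`.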