Skip to content

SC4SNMP Helm installation

The basic installation and configuration process discussed in this section is typical for single node non-HA deployments. It does not have resource requests and limits. See the mongo, redis, scheduler, worker, and traps configuration sections for guidance on production configuration.

Installing Splunk Connect for SNMP on Linux RedHat

Installation of RedHat may be blocking ports required by microk8s. Installing microk8s on RedHat requires checking to see if the firewall is not blocking any of the required microk8s ports.

Installation process

Offline installation

For offline installation instructions see this page.

Online installation

Add SC4SNMP repository

microk8s helm3 repo add splunk-connect-for-snmp https://splunk.github.io/splunk-connect-for-snmp
microk8s helm3 repo update
Now the package should be visible in helm3 search command result: 
microk8s helm3 search repo snmp
Example output: 
NAME                                               CHART VERSION  APP VERSION    DESCRIPTION                           
splunk-connect-for-snmp/splunk-connect-for-snmp        1.0.0        1.0.0       A Helm chart for SNMP Connect for SNMP

Download and modify values.yaml

The installation of SC4SNMP requires the creation of a values.yaml file, which serves as the configuration file. To configure this file, see the following steps:

  1. Review the basic configuration template.
  2. Review the examples to determine which areas require configuration.
  3. For more advanced configuration options, refer to the complete default values.yaml or download it directly from Helm using the command microk8s helm3 show values splunk-connect-for-snmp/splunk-connect-for-snmp
  4. In order to learn more about each of the configuration parts, check configuration section.

It is recommended to start by completing the base template and gradually add additional configurations as needed.

The values.yaml file is validated using JSON schema built into helm chart and inside the code. To ensure that your values.yaml follows formatting standards, you can use yamllint. In order to download yamllint refer to the installation instructions. Then create custom-config.yamllint file and add the following configuration: 

extends: default

rules:
  line-length:
    max: 80
    level: warning
Configuration above can be found in the examples directory in SC4SNMP GitHub repository. Next run yamllint -c <path to custom-config.yamllint> <path to values.yaml> command. Warnings can be ignored.

Install SC4SNMP

After the values.yaml creation, you can proceed with the SC4SNMP installation:

microk8s helm3 install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace

From now on, when editing SC4SNMP configuration, the configuration change must be inserted in the corresponding section of values.yaml. For more details see configuration section.

Use the following command to propagate configuration changes: 

microk8s helm3 upgrade --install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace

Verification of the deployment

In a few minutes, all pods should be up and running. It can be verified with:

microk8s kubectl get pods -n sc4snmp

Example output:

NAME                                                      READY   STATUS             RESTARTS      AGE
snmp-splunk-connect-for-snmp-scheduler-7ddbc8d75-bljsj        1/1     Running   0          133m
snmp-splunk-connect-for-snmp-worker-poller-57cd8f4665-9z9vx   1/1     Running   0          133m
snmp-splunk-connect-for-snmp-worker-sender-5c44cbb9c5-ppmb5   1/1     Running   0          133m
snmp-splunk-connect-for-snmp-worker-trap-549766d4-28qzh       1/1     Running   0          133m
snmp-mibserver-7f879c5b7c-hz9tz                               1/1     Running   0          133m
snmp-mongodb-869cc8586f-vvr9f                                 2/2     Running   0          133m
snmp-redis-master-0                                           1/1     Running   0          133m
snmp-splunk-connect-for-snmp-trap-78759bfc8b-79m6d            1/1     Running   0          99m
snmp-splunk-connect-for-snmp-inventory-mjccw                  0/1     Completed 0          6s

The output might vary depending on the configuration. In the above example, both polling and traps are configured, and the data is being sent to Splunk.

If you have traps configured, you should see EXTERNAL-IP in the snmp-splunk-connect-for-snmp-trap service. Check it using the following command:

microk8s kubectl get svc -n sc4snmp

Here is an example of the correct setup:

NAME                                TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
snmp-redis-headless                 ClusterIP      None             <none>        6379/TCP        33h
snmp-mongodb                        ClusterIP      10.152.183.147   <none>        27017/TCP       33h
snmp-mibserver                      ClusterIP      10.152.183.253   <none>        80/TCP          33h
snmp-redis-master                   ClusterIP      10.152.183.135   <none>        6379/TCP        33h
snmp-mongodb-metrics                ClusterIP      10.152.183.217   <none>        9216/TCP        33h
snmp-splunk-connect-for-snmp-trap   LoadBalancer   10.152.183.33    10.202.9.21   162:30161/UDP   33h

If you see <pending> communicate instead of the IP address, that means you either provided the wrong IP address in traps.loadBalancerIP or there is something wrong with the metallb microk8s addon.

In the following example, the default indexes are used, the metric data goes to netmetrics, and the events goes to netops.

Test SNMP Traps

  1. Simulate the event. On a Linux system, you can download snmpd package for its purpose and run:
apt update
apt-get install snmpd
snmptrap -v2c -c public EXTERNAL-IP 123 1.3.6.1.2.1.1.4 1.3.6.1.2.1.1.4 s test

Remember to replace the EXTERNAL-IP with the IP address of the snmp-splunk-connect-for-snmp-trap service from the previous list.

  1. After using the following command in the Splunk search box, you should see one event per trap command, with the host value of the test machine EXTERNAL-IP IP address: 
index="netops" sourcetype="sc4snmp:traps"

Test SNMP Poller

  1. To test SNMP poller, you can either use the device you already have, or configure snmpd on your Linux system. Snmpd needs to be configured to listen on the external IP. To enable snmpd to listen to external IP, go to the /etc/snmp/snmpd.conf configuration file, and replace the IP address 10.0.101.22 with the server IP address where snmpd is configured: agentaddress 10.0.101.22,127.0.0.1,[::1]. Restart snmpd through the following execute command:
service snmpd stop
service snmpd start

  1. Configure SC4SNMP Poller to test and add the IP address which you want to poll. Add the configuration entry into the values.yaml file by replacing the IP address 10.0.101.22 with the server IP address where the snmpd was configured. See the following: 

    poller:
  inventory: |
    address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete
    10.0.101.22,,2c,public,,,42000,,,

  2. Load values.yaml file into SC4SNMP using the following command: 

microk8s helm3 upgrade --install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace
  1. Verify if the records appeared in Splunk using the following command: 
index="netops" sourcetype="sc4snmp:event"

| mpreview index="netmetrics" | search sourcetype="sc4snmp:metric"

NOTE: Before polling starts, SC4SNMP must perform the SNMP WALK process on the device. It is run the first time after configuring the new device, and then during the run time in every walk_interval. Its purpose is to gather all the data and provide meaningful context for the polling records. For example, it might report that your device is so large that the walk takes too long, so the scope of walking needs to be limited. In such cases, enable the small walk. See walk takes too much time. When the walk finishes, events appear in Splunk.

Next Steps

A good way to start with SC4SNMP polling is to follow the Step by Step guide for polling. Advanced configuration of polling is available in the Poller configuration section. The SNMP data format is explained in the SNMP data format section.

For advanced trap configuration, see the Traps configuration section.

Uninstall Splunk Connect for SNMP

To uninstall SC4SNMP run the following commands:

 microk8s helm3 uninstall snmp -n sc4snmp
 microk8s kubectl delete pvc --all -n sc4snmp

Example of pods terminating:

NAME                                                          READY   STATUS        RESTARTS        AGE
snmp-mibserver-bb8994c64-twk42                                1/1     Terminating   2 (5h21m ago)   46h
snmp-splunk-connect-for-snmp-worker-sender-7f5557678b-psj97   1/1     Terminating   1 (5h21m ago)   22h
snmp-splunk-connect-for-snmp-worker-trap-dfcc487c-lh2dl       1/1     Terminating   1 (5h21m ago)   22h
snmp-splunk-connect-for-snmp-worker-trap-dfcc487c-5z5sq       1/1     Terminating   1 (5h21m ago)   22h
snmp-splunk-connect-for-snmp-trap-684d57dc8d-722tv            1/1     Terminating   1 (5h21m ago)   22h
snmp-splunk-connect-for-snmp-trap-684d57dc8d-z68lb            1/1     Terminating   1 (5h21m ago)   22h

Restart Splunk Connect for SNMP

First run the command to uninstall SC4SNMP, wait until all pods are removed, then use the command to install sc4snmp again.

 microk8s helm3 uninstall snmp -n sc4snmp
 microk8s kubectl delete pvc --all -n sc4snmp
 microk8s helm3 install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace