Community:Splunk Alert MIB
From Splunk Wiki
This MIB may be used in conjunction with the Perl and Windows CMD SNMP trap-sending scripts. You should place it in a file named SPLUNK-ALERT-MIB.txt and configure your SNMP monitoring agent to load it.
SPLUNK-ALERT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    OBJECT-GROUP
        FROM SNMPv2-CONF
    enterprises, MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    TRAP-TYPE
        FROM RFC-1215
    ;

alert MODULE-IDENTITY
    LAST-UPDATED "201007100300Z"
    ORGANIZATION "Splunk, Inc."
    CONTACT-INFO
        "Splunk Inc.
         250 Brannan St
         2nd Floor
         San Francisco, CA 94107
         USA
         +1 415-848-8400
         http://www.splunk.com"
    DESCRIPTION
        "MIB Module for Splunk server saved searches alerts."
    REVISION "201007100300Z"
    DESCRIPTION
        "Added alertTrap and alertTrapV1 objects"
    ::= { splunkServer 1 }

splunk OBJECT IDENTIFIER ::= { enterprises 27389 }
splunkServer OBJECT IDENTIFIER ::= { splunk 1 }

alertTrap NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
        "SNMPv2 Trap generated by Splunk server saved searches alerts."
    ::= { splunkServer 2 }

alertTrapv1 TRAP-TYPE
    STATUS current
    ENTERPRISE alert
    DESCRIPTION
        "SNMPv1 Trap generated by Splunk server saved searches alerts.
         Use OID of module, set to same value as corresponding v2 trap value."
    ::= 2

nEvents OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Number of events returned by the saved search"
    ::= { alert 1 }

searchTerms OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Search terms"
    ::= { alert 2 }

searchQuery OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Fully qualified search query string"
    ::= { alert 3 }

searchName OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Name of the saved search"
    ::= { alert 4 }

searchReason OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Reason for saved search to trigger alert"
    ::= { alert 5 }

searchURL OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "URL to saved search"
    ::= { alert 6 }

searchTags OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Tags belonging to the saved search, optional"
    ::= { alert 7 }

searchResultsPath OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Path on the Splunk Server to a file containing search results"
    ::= { alert 8 }

END
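
Added example (not part of the original wiki page or of Splunk's scripts): a receiver-side check that resolves the MIB's OID assignments to dotted form and uses them to name the varbinds of an incoming alertTrap, rejecting other notifications and collecting OIDs the MIB does not define. The names MIB_EXCERPT, resolve_oids and decode_trap are hypothetical, and the handling of a trailing ".0" instance is an assumption about what the sending scripts emit.

```python
import re

# OID assignments excerpted from the MIB above (clauses before each "::=" trimmed).
MIB_EXCERPT = """
alert MODULE-IDENTITY ::= { splunkServer 1 }
splunk OBJECT IDENTIFIER ::= { enterprises 27389 }
splunkServer OBJECT IDENTIFIER ::= { splunk 1 }
alertTrap NOTIFICATION-TYPE ::= { splunkServer 2 }
nEvents OBJECT-TYPE ::= { alert 1 }
searchTerms OBJECT-TYPE ::= { alert 2 }
searchQuery OBJECT-TYPE ::= { alert 3 }
searchName OBJECT-TYPE ::= { alert 4 }
searchReason OBJECT-TYPE ::= { alert 5 }
searchURL OBJECT-TYPE ::= { alert 6 }
searchTags OBJECT-TYPE ::= { alert 7 }
searchResultsPath OBJECT-TYPE ::= { alert 8 }
"""
ASSIGN = re.compile(r"([\w-]+)\s+(?:OBJECT IDENTIFIER|MODULE-IDENTITY|OBJECT-TYPE"
                    r"|NOTIFICATION-TYPE)\b.*?::=\s*\{\s*([\w-]+)\s+(\d+)\s*\}", re.S)
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"   # snmpTrapOID.0, from SNMPv2-MIB
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"          # sysUpTime.0, first varbind of a v2 trap

def resolve_oids(mib_text):
    """Resolve every descriptor to a dotted OID, following forward references."""
    pairs = {name: (parent, int(sub)) for name, parent, sub in ASSIGN.findall(mib_text)}
    oids = {"enterprises": (1, 3, 6, 1, 4, 1)}   # root imported from SNMPv2-SMI
    def walk(name, seen=()):
        if name not in oids:
            if name in seen or name not in pairs:
                raise ValueError("unresolvable descriptor: " + name)
            parent, sub = pairs[name]
            oids[name] = walk(parent, seen + (name,)) + (sub,)
        return oids[name]
    for name in pairs:
        walk(name)
    return {name: ".".join(map(str, oid)) for name, oid in oids.items()}

def decode_trap(varbinds, oids):
    """Name a v2 trap's varbinds; reject non-alertTrap PDUs, collect unknown OIDs."""
    if dict(varbinds).get(SNMP_TRAP_OID) != oids["alertTrap"]:
        raise ValueError("snmpTrapOID.0 is not alertTrap")
    leaves = {oid: n for n, oid in oids.items() if oid.startswith(oids["alert"] + ".")}
    # Assumption: senders may append the scalar instance ".0"; accept both forms.
    body = [(o[:-2] if o.endswith(".0") else o, o, v) for o, v in varbinds
            if o not in (SNMP_TRAP_OID, SYS_UPTIME)]
    fields = {leaves[b]: v for b, o, v in body if b in leaves}
    unknown = [o for b, o, v in body if b not in leaves]
    return fields, unknown
```

A receiver can log or drop the trap when the returned unknown list is non-empty, since those varbinds are outside what this MIB defines.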