Cannot see SNMP trap message in Kibana

Hi CJ, thanks for throwing some light on the problem. I am very new to the ELK
world :)

I don't see any complaints in logstash.log with respect to SNMP trap messages.

Here is a snippet of the log file:

root@deb0:/var/log/logstash# tail -f logstash.log
{:timestamp=>"2017-06-09T16:25:00.471000+0530", :message=>"SIGINT received.
Shutting down the pipeline.", :level=>:warn}
{:timestamp=>"2017-06-09T16:25:00.496000+0530", :message=>"Pipeline
shutdown complete.", :level=>:info}
{:timestamp=>"2017-06-09T16:28:40.577000+0530", :message=>"Worker threads
expected: 2, worker threads started: 2", :level=>:info}
{:timestamp=>"2017-06-09T16:28:40.577000+0530", :message=>"It's a Trap!",
:Port=>162, :Community=>["public"], :Host=>"0.0.0.0", :level=>:info}
{:timestamp=>"2017-06-09T16:28:40.608000+0530", :message=>"Automatic
template management enabled", :manage_template=>"true", :level=>:info}
{:timestamp=>"2017-06-09T16:28:41.089000+0530", :message=>"Using mapping
template", :template=>{"template"=>"logstash-",
"settings"=>{"index.refresh_interval"=>"5s"},
"mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true},
"dynamic_templates"=>[{"message_field"=>{"match"=>"message",
"match_mapping_type"=>"string", "mapping"=>{"type"=>"string",
"index"=>"analyzed", "omit_norms"=>true}}},
{"string_fields"=>{"match"=>"
", "match_mapping_type"=>"string",
"mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true,
"fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed",
"ignore_above"=>256}}}}}], "properties"=>{"@version"=>{"type"=>"string",
"index"=>"not_analyzed"}, "geoip"=>{"type"=>"object", "dynamic"=>true,
"properties"=>{"location"=>{"type"=>"geo_point"}}}}}}}, :level=>:info}

I am still getting proper output on stdout from Logstash:

{
"message" =>
"#<SNMP::SNMPv2_Trap:0x54aaa2ff @error_index=0,
@varbind_list=[#<SNMP::VarBind:0x19de40b4
@value=#<SNMP::TimeTicks:0x4e69f6b0 @value=22541758>,
@name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0xec2c508
@value=[1.3.6.1.4.1.22420.2.14.0.0.1], @name=[1.3.6.1.6.3.1.1.4.1.0]>,
#<SNMP::VarBind:0x151597ca @value=#<SNMP::Gauge32:0x3ca05996 @value=828>,
@name=[1.3.6.1.4.1.22420.2.14.1.3.2.0]>], @error_status=0,
@request_id=909307654, @source_ip="10.91.140.99">",
"host" => "10.91.140.99",
"@version" => "1",
"@timestamp" =>
"2017-06-10T02:00:38.878Z",
"type" => "snmptrap",
"SNMPv2-MIB::sysUpTime_0" => "2 days, 14:36:57.58",
"SNMPv2-MIB::snmpTrapOID_0" =>
"SNMPv2-SMI::enterprises.22420.2.14.0.0.1",
"SNMPv2-SMI::enterprises_22420_2_14_1_3_2_0" => "828"
}

While in the Elasticsearch logs I was getting the following. After this I
followed the changes in the filter mentioned at

and this error has disappeared now.

[2017-06-09 14:11:08,863][DEBUG][action.bulk ] [Doughboy]
[logstash-2017.06.09][3] failed to execute bulk item (index) index
{[logstash-2017.06.09][snmptra
p][AVyMA6f4lB7dSLba9Y7f], source[{"message":"#<SNMP::SNMPv2_Trap:0x72749130
@error_index=0, @varbind_list=[#<SNMP::VarBind:0x15cfafed
@value=#<SNMP::TimeTicks:0x7626fbc
a @value=16304519>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x795cc75f
@value=[1.3.6.1.4.1.22420.2.14.0.0.1], @name=[1.3.6.1.6.3.1.1.4.1.0]>,
#<SNMP::VarBind:0x3a25
6c38 @value=#<SNMP::Gauge32:0x6ee3ee5a @value=628>,
@name=[1.3.6.1.4.1.22420.2.14.1.3.2.0]>], @error_status=0,
@request_id=907236719, @source_ip="10.91.140.99">","hos
t":"10.91.140.99","@version":"1","@timestamp":"2017-06-09T08:41:08.778Z","type":"snmptrap","SNMPv2-MIB::sysUpTime.0":"1
day, 21:17:25.19","SNMPv2-MIB::snmpTrapOID.0":"S
NMPv2-SMI::enterprises.22420.2.14.0.0.1","SNMPv2-SMI::enterprises.22420.2.14.1.3.2.0":"628"}]}
MapperParsingException[Field name [SNMPv2-MIB::snmpTrapOID.0] cannot
contain '.']
at
org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseProperties(ObjectMapper.java:277)
at
org.elasticsearch.index.mapper.object.ObjectMapper$TypeParser.parseObjectOrDocumentTypeProperties(ObjectMapper.java:222)
at
org.elasticsearch.index.mapper.object.RootObjectMapper$TypeParser.parse(RootObjectMapper.java:139)
at
org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:118)
at
org.elasticsearch.index.mapper.DocumentMapperParser.parse(DocumentMapperParser.java:99)
at
org.elasticsearch.index.mapper.MapperService.parse(MapperService.java:549)
at
org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.applyRequest(MetaDataMappingService.java:257)
at
org.elasticsearch.cluster.metadata.MetaDataMappingService$PutMappingExecutor.execute(MetaDataMappingService.java:230)
at
org.elasticsearch.cluster.service.InternalClusterService.runTasksForExecutor(InternalClusterService.java:480)
at
org.elasticsearch.cluster.service.InternalClusterService$UpdateTask.run(InternalClusterService.java:784)
at
org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:231)
at
org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:194)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

Regards,
-Manish
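The MapperParsingException in the post is Elasticsearch 2.x refusing any field name that contains a '.', which is exactly what the snmptrap input produces ("SNMPv2-MIB::snmpTrapOID.0"). The stdout sample shows the outcome of the fix: keys are rewritten with '_' while values keep their dots. The following Ruby is an added example, not the poster's filter and not Logstash's own de_dot plugin code; it implements the same renaming over a plain Hash so it runs stand-alone, plus a check (dotted_fields, a name assumed here) that reports which keys would still be rejected before a document is sent to the cluster. The sample event is constructed from the values shown in the post.

```ruby
# Added example (not from the original post): sanitise event field names so
# that Elasticsearch 2.x, which rejects '.' in field names, accepts the
# document. This mirrors what the Logstash de_dot filter does, written here
# as a plain Ruby function over a Hash so it can be run stand-alone.

# Return a copy of the event in which every key containing '.' has the dots
# replaced by `replacement`. Nested hashes and arrays of hashes are walked
# recursively; values (including OID strings) are left untouched.
def de_dot(event, replacement = "_")
  case event
  when Hash
    event.each_with_object({}) do |(key, value), out|
      new_key = key.to_s.include?(".") ? key.to_s.gsub(".", replacement) : key
      out[new_key] = de_dot(value, replacement)
    end
  when Array
    event.map { |v| de_dot(v, replacement) }
  else
    event
  end
end

# Return the paths of all keys that still contain a '.' and would therefore
# trigger "Field name [...] cannot contain '.'" on Elasticsearch 2.x.
# An empty array means the event is safe to index. (Hypothetical helper.)
def dotted_fields(event, prefix = nil)
  return [] unless event.is_a?(Hash)
  event.flat_map do |key, value|
    path = prefix ? "#{prefix}/#{key}" : key.to_s
    here = key.to_s.include?(".") ? [path] : []
    here + dotted_fields(value, path)
  end
end

# Constructed sample event, shaped like the trap document in the post.
SAMPLE_TRAP_EVENT = {
  "host" => "10.91.140.99",
  "@version" => "1",
  "type" => "snmptrap",
  "SNMPv2-MIB::sysUpTime.0" => "1 day, 21:17:25.19",
  "SNMPv2-MIB::snmpTrapOID.0" => "SNMPv2-SMI::enterprises.22420.2.14.0.0.1",
  "SNMPv2-SMI::enterprises.22420.2.14.1.3.2.0" => "628",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "offending keys before: #{dotted_fields(SAMPLE_TRAP_EVENT).inspect}"
  clean = de_dot(SAMPLE_TRAP_EVENT)
  puts "offending keys after:  #{dotted_fields(clean).inspect}"
  clean.each { |k, v| puts "#{k} => #{v}" }
end
```

Running it shows three offending keys before and none after, and the rewritten keys match the stdout sample in the post (for example "SNMPv2-SMI::enterprises_22420_2_14_1_3_2_0" with the value "628" unchanged). Running dotted_fields on an event before the output stage is a cheap way to catch the same failure mode in any pipeline that feeds a 2.x cluster, since Elasticsearch only logs the rejection at DEBUG level, as the trace above shows.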