Custom Logstash snmp plugin pipeline approach

Hello,

I need to add data get via logstash SNMP plugin to elastisearch.
I wanted to ask things I am not sure about how to approach.

1.) How Can I define static fields like interface name description, hostname, etc, so I would not need to make constant SNMP requests for them while executing logstash pipeline?
2.) I am using snmp plugin walk {} function to get data for every interface. How should I approach groking and filtering of a response like as example below so I can later aggregate per host.ip and ger value for every interface regarding their name description, etc.?

{
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.3":1000000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.2":0,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.5":100000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.1":0,
"iso.org.dod.internet.mgmt.mib-2.system.sysName.0":"Hostname.name.pl",
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.6":100000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.8":0,
"@version":"1",
"host":"10.10.10.10",
"@timestamp":"2020-10-13T12:27:36.990Z",
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.7":100000000,
}

You would use a ruby filter. I have not checked if they are a close match for your use case, but this and this may give you some ideas.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.