Custom Logstash snmp plugin pipeline approach

Adriann · October 13, 2020, 12:38pm

Hello,

I need to add data get via logstash SNMP plugin to elastisearch.
I wanted to ask things I am not sure about how to approach.

1.) How Can I define static fields like interface name description, hostname, etc, so I would not need to make constant SNMP requests for them while executing logstash pipeline?
2.) I am using snmp plugin walk {} function to get data for every interface. How should I approach groking and filtering of a response like as example below so I can later aggregate per host.ip and ger value for every interface regarding their name description, etc.?

{
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.3":1000000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.2":0,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.5":100000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.1":0,
"iso.org.dod.internet.mgmt.mib-2.system.sysName.0":"Hostname.name.pl",
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.6":100000000,
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.8":0,
"@version":"1",
"host":"10.10.10.10",
"@timestamp":"2020-10-13T12:27:36.990Z",
"iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.7":100000000,
}

Badger · October 13, 2020, 4:23pm

You would use a ruby filter. I have not checked if they are a close match for your use case, but this and this may give you some ideas.

system · November 10, 2020, 4:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.