Input stdin and snmptrap?

I am using stdin for testing of the logstash .conf files and need to input some snmptrap messages received from splunk in json format.

The first roadblock seems to be I cannot use snmptrap input as a sub input from stdin. Is there a method to make this work?

I need the functionality of the decoding of the snmptrap message MIB

input {
stdin {
yamlmibdir => "/usr/share logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs/DISMAN-EVENT-MIB"

This is my input data I drop into stdin:

{"preview":false,"offset":13,"result":{"raw":"2017-03-02 14:15:17 UDP: []:59163->[]:162 [UDP: []:59163->[]:162]:\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (4227099402) 489 days, 5:56:34.02\tSNMPv2-MIB::snmpTrapOID.0 = OID: BFD-STD-MIB::bfdSessUp\tBFD-STD-MIB::bfdSessDiag.54054154 = Gauge32: 1\tBFD-STD-MIB::bfdSessDiag.54054154 = Gauge32: 1\tBFD-STD-MIB::bfdSessAddrType.54054154 = INTEGER: ipv4(1)\tBFD-STD-MIB::bfdSessAddr.54054154 = Hex-STRING: 7F 00 00 01 \tJUNIPER-BFD-MIB::jnxBfdSessifName.0 = STRING: ge-0/0/1.0\tSNMPv2-MIB::snmpTrapEnterprise.0 = OID: JUNIPER-CHASSIS-DEFINES-MIB::jnxProductName.97","time":"2017-03-02T14:15:17.000-0800","date_hour":"14","date_mday":"2","date_minute":"15","date_month":"march","date_second":"17","date_wday":"thursday","date_year":"2017","date_zone":"local","host":"","index":"network","linecount":"2","punct":"--:::[...]:->[...]:[:[...]:->[...]:]:--::=_:","source":"/data/splunk/snmptraps/messages","sourcetype":"snmptrapd","splunk_server":"","timeendpos":"19","timestartpos":"0"}}

Thank you

if you just want to test it, you can start logstash with just the snmptrap input, and then in a separate terminal run cat data.example.log| nc localhost 1062 to send data from that file to logstash

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.