Logstash: SNMP Poll Input - skipping "error: no such.."

erikg · November 13, 2023, 6:11pm

Hello,
I am using SNMP poll input for logstash.
Using SNMP V3, I have a wide range of network devices to monitor which means many oids that are specific by vendor.

I want to know if there is a way to skip oids in which they return "error: no such instance currently exists at this OID".
The reason why I would like to skip is that the oid might apply to one host but not the other. I have many oids, doing this would be a lot of work for every field:

if [snmp][cpu_total_pct] == "error: no such instance currently exists at this OID\" {  
  mutate {
    remove_field => ["[snmp][cpu_total_pct]"]
  }
}

Wondering if someone might have a better approach to skip oids returning "error.." or a way to remove fields with out having to specify each field, just the value

Badger · November 13, 2023, 10:51pm

You could try something like

    ruby {
        code => '
            snmp = event.get("snmp")
            if snmp
                snmp.each { |k, v|
                    if v =~ /error: no such instance currently exists at this OID/
                        event.remove("[snmp][#{k}]")
                    end
                }
            end
        '
    }

erikg · November 13, 2023, 10:59pm

Thanks it works! You're a ruby master. Badger!

system · December 11, 2023, 11:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SNMP/MIBs issue error: no such instance currently exists at this OID Logstash	1	1204	October 21, 2020
Error: no such instance currently exists at this OID Logstash	1	227	April 10, 2020
Logstash snmp OID Logstash	3	326	May 4, 2023
How to detect incorrect OID in SNMP input plugin? Logstash docker	3	376	February 24, 2023
Not able to skip reading oids for down host in logstash Snmp file Logstash	1	208	February 28, 2023

Logstash: SNMP Poll Input - skipping "error: no such.."

Related Topics