SNMP Dashboard - Can you select a 'field' with wildcard so that it can handle multiple vendors' OIDs?


#1

New to ELK and trying to create a dashboard that displays SNMP traps from multiple vendors' devices. Would like to create a general table that can display traps from all vendors. However, the drop-down for 'field' has a listing for each OID that is in Elasticsearch. Is it possible to create a generic or wildcard field, say, 'SNMPv2-SMI::enterprises.*'?

Or perhaps what is the best way to handle multiple MIBs?

Thanks


(Lee Drengenberg) #2

If you create some visualization that has a list of the terms you would like to be able to filter on, then when you click on one of those it should filter everything on the dashboard by that.

So for example, I created a Data Table and Split Rows with a Filters aggregation. You can use whatever field and values with wildcards you like. In my first filter I added metricset.name:cpu and metricset.name:load so it includes docs with either of those values.

Then I added this new visualization to an existing Metricbeat dashboard. Now I can mouse-over any of those filters and click on the + to add a filter to the dashboard like that. Then just delete the filter when you want all results again.

Regards,
Lee

