With ES 6.6 it is great to see SNMP input. Typically something we would like to see is trending information of dataflow of routers, switches etc. And the trap host functionality looks great.
But... All the gathered data (for example a switch with traffic over all ports!) that is put into 1 document in ES.
Compare this to for example metricbeat where each filesystem for a host returns a separate document for each filesystem.
This fact makes it very hard to plot an internet traffic graph for a switch in Kibana. Yes, I know that you can use TimeLion, but it seems like this SNMP input plugin is suboptimal.
Let us say, a switch with 64 input ports and 64 output ports and 64 error counters per port, that is a crime to plot in TL. It would be nice to say split graph for a particular field as is a default Kibana behaviour...
Compare that to devmon (a SNMP Perl plugin for the monitoring tool Xymon), where you can handle all this load of ports and data. https://github.com/bonomani/devmon/
Perhaps I'm too eager solving this issue, but can someone agree or disagree upon the current status?
Where metric beat, packet beat all create separate documents, within smtp the result it is just one document with a 30 to 50 subfields or more depending upon the number of metrics to be scanned (see below):
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
