Cribl LogStream supports receiving data from SNMP Traps.
Type: Push | TLS Support: No | Event Breaker Support: No
Select Data > Sources, then select SNMP Trap from the Data Sources page's tiles or left menu. Click Add New to open the SNMP Trap > New Source pane, which provides the fields outlined below.
LogStream ships with an SNMP Trap Source preconfigured to listen on Port 9162. You can clone or directly modify this Source to further configure it, and then enable it.
Input ID: Enter a unique name to identify this Source definition.
Address: Address to bind on. Defaults to 0.0.0.0 (all addresses).
UDP Port: Port on which to receive SNMP traps. Defaults to
In this section, you can add fields/metadata to each event using Eval-like functionality.
Name: Field name.
In this section's Pipeline drop-down list, you can select a single existing Pipeline to process data from this input before the data is sent through the Routes.
IP whitelist regex: Regex matching IP addresses that are allowed to send data. Defaults to .* (i.e., all IPs).
Max buffer size (events): Maximum number of events to buffer when downstream is blocking. Defaults to
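A way to check a candidate IP whitelist regex before saving it, as an added example (not Cribl's code). It assumes the regex is evaluated as an unanchored JavaScript regular expression against the sender's IPv4 address string; the sender addresses and the function names are constructed for illustration.

```javascript
// Added example, not Cribl code. Assumption: the "IP whitelist regex" behaves like
// an unanchored JavaScript RegExp test on the sender's IPv4 address string.

// Constructed sample: two intended trap agents plus addresses that must be rejected.
const SENDERS = [
  { ip: '10.2.3.4', intended: true },
  { ip: '10.2.3.5', intended: true },
  { ip: '110.2.3.4', intended: false },   // extra leading digit
  { ip: '10.2.3.40', intended: false },   // extra trailing digit
  { ip: '10.213.4.1', intended: false },  // "." in the pattern matching a digit
  { ip: '192.168.1.9', intended: false }, // unrelated host
];

// Heuristic lint of the pattern text: report unescaped dots and missing anchors.
function lintPattern(source) {
  const warnings = [];
  let inClass = false, bareDot = false;
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') { i++; continue; }      // skip the escaped character
    if (c === '[') inClass = true;
    else if (c === ']') inClass = false;
    else if (c === '.' && !inClass) bareDot = true;
  }
  if (bareDot) warnings.push('unescaped "." matches any character');
  if (!source.startsWith('^')) warnings.push('no leading ^ anchor');
  if (!source.endsWith('$')) warnings.push('no trailing $ anchor');
  return warnings;
}

// Run the pattern over the sample and list wrong decisions in both directions.
function auditAllowlist(source, senders = SENDERS) {
  const re = new RegExp(source);
  const overMatched = senders.filter(s => !s.intended && re.test(s.ip)).map(s => s.ip);
  const blocked = senders.filter(s => s.intended && !re.test(s.ip)).map(s => s.ip);
  return { overMatched, blocked, warnings: lintPattern(source) };
}

// The default, a loosely written pattern, and an anchored and escaped pattern.
const CANDIDATES = ['.*', '10.2.3.4|10.2.3.5', '^10\\.2\\.3\\.[45]$'];
for (const p of CANDIDATES) console.log(p, JSON.stringify(auditAllowlist(p)));
```

A pattern is ready to deploy when both overMatched and blocked come back empty for a sample that includes near-miss addresses like the ones above.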
Cribl LogStream uses a set of internal fields to assist in handling of data. These "meta" fields are not part of an event, but they are accessible, and Functions can use them to make processing decisions.
Fields for this Source:
__snmpVersion: Acceptable values are
__snmpRaw: Buffer containing Raw SNMP packet
It's possible to work with SNMP metadata (i.e., we'll decode the packet). Options include dropping, routing, etc.
SNMP packets can be forwarded to other SNMP destinations. However, the contents of the incoming packet cannot be modified – i.e., we'll forward the packets verbatim as they came in.
SNMP packets can be forwarded to non-SNMP destinations (e.g., Splunk, Syslog, S3, etc.).
Non-SNMP input data cannot be sent to SNMP destinations.