Hi,
I have successfully configured Splunk to send SNMP alerts using NetSNMP via a cmd script file. All good there.
The scenario I have is that I manufacture a node-up / node-down alert based on contents of log files. The log files tell me if a certain component of the software being monitored is functional. This alert works correctly when sent as an email; I effectively return a node-up or node-down as appropriate.
The issue I am having is that the search I run is fairly lengthy and has numerous commas and so forth in it. When I pass it out to the script, because the full script is passed, I am having issues with what actually gets generated for NetSNMP. I am therefore trying to work out a good way of generating a "useful" SNMP trap to send. Instead what I get is bits of the query separated by commas.
I have done a bunch of reading but haven't actually managed to work out if there is a way I can successfully do this. I considered passing the .gz file but its location doesn't appear in the text that is output to the command line (it appears in the Splunk event logs, just not in the debug output from the cmd batch script). I am guessing it is because of a length limitation maybe?
Any thoughts? Should I be going to Perl?
Thank you for any hints.