Splunk Connect does not send SNMP data to Splunk Heavy Forwarder

[ianipogs123]

Hi! Good day! Hoping you can assist us resolve this issue. Kindly see the details below:

Main Issue: Splunk Connect does not forward SNMP data to Splunk Heavy Forwarder.

Details:
General

• Splunk Connect can receive the SNMP Traps data from 3 Switches as seen in TCPDump.
• TCPDump of Splunk Connect outputs that it does not send any data to Splunk HF (Still the current situation).

On Splunk HF

• Data Inputs - HEC (port 8088 default) has been configured for SNMP log collection

On Splunk Connect for SNMP (SC4SNMP)

• Followed the Github and Youtube instructions to install Microk8s, all 3 Pods dependencies of Splunk Connect, and Splunk Connect.
• VM host has both Docker and Microk8s, but Microk8s has the Splunk Connect configurations
• Uses version 1.12.1 of the Splunk Connect.
• Followed the comments within values.yaml for the configurations and format of configurations of Splunk Connect.
• Only enabled SNMP Traps versions 1 and 2c. Same has been set on the 3 Switches

values.zip

[ajasnosz]

Hello,
I believe it is the same issue Matthew mentioned to us on slack channel. As to what is happening we found the bug that if only v1 for the traps is set the communities were not added properly. It will be fixed with the pr #1138. As for your value.yaml you do not have to keep all the settings if they have the default variables, I think that would help with readability.
Also are your devices some older ones that you plan to sent traps with v1?

[ajasnosz]

Fix for the traps is added in v1.12.1-beta.9.
You can update the sc4snmp to use this version by adding to the config:

image:
  tag: "1.12.1-beta.9"

Let us know if this solution resolved the issue with traps.