You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/troubleshooting/configuring-logs.md
+82Lines changed: 82 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -74,3 +74,85 @@ Example command to retrieve logs from `splunk-connect-for-snmp-worker-poller`:
74
74
docker logs docker_compose-worker-poller-1
75
75
```
76
76
77
+
## Useful Splunk Queries for Troubleshooting
78
+
79
+
If you are sending logs from Docker or Kubernetes to Splunk, the best solution to monitor the behavior of the SC4SNMP is
80
+
to download the [dashboard](../dashboard.md#sc4snmp-monitoring-dashboard). Otherwise, you can use some of the Splunk queries mentioned below to check the
81
+
statuses of specific tasks.
82
+
83
+
!!!info
84
+
In all queries, replace `index=*` with the specific index, set in the OTEL or Docker configuration, to which the logs were sent in Splunk. Sourcetype name may differ based on SC4SNMP deployment.
85
+
86
+
### Walk status
87
+
88
+
To check the status of a walk task, you can use the following queries:
89
+
90
+
If the task was initialized by the scheduler after setting the `walk_interval`, use this query:
91
+
```
92
+
index=* sourcetype="*:container:splunk-connect-for-snmp-*" "Scheduler: Sending due task sc4snmp;*;walk"
93
+
```
94
+
95
+
The status of a completed task can be `retry`, `succeeded`, or, in the case of an error, a message may include
96
+
`raised unexpected`.
97
+
If you encounter `retry` or `raised unexpected`, refer to the [troubleshooting polling section](polling-issues.md) of the documentation.
98
+
The following queries can help filter logs to observe the walk task status:
99
+
```
100
+
index=* sourcetype="*:container:splunk-connect-for-snmp-*" splunk_connect_for_snmp.snmp.tasks.walk NOT received
You can also add the `IP address` to any of the above queries to filter results for a specific device.
109
+
Example response for the `retry` query:
110
+
```
111
+
Task splunk_connect_for_snmp.snmp.tasks.walk[f77c6734-ed37-4759-9938-9345799dea57] retry: Retry in 28s: SnmpActionError('An error of SNMP isWalk=True for a host 127.0.0.1 occurred: No SNMP response received before timeout')
112
+
```
113
+
To check the status and progress of a specific task, filter by the task ID within the `[]`.
114
+
115
+
### Polling status
116
+
117
+
To check the status of a polling task, use the following queries:
118
+
119
+
If the task was initialized by the scheduler after setting the `frequency`, use this query:
120
+
```
121
+
index=* sourcetype="*:container:splunk-connect-for-snmp-scheduler*" "Scheduler: Sending due task sc4snmp;*;*;poll"
122
+
```
123
+
124
+
The status of a completed task can be either `failed`, `succedded`.
125
+
If the task shows `failed` refer to the [troubleshooting polling section](polling-issues.md) of the documentation.
126
+
The following queries can help filter logs to observe the poll task status:
0 commit comments