Appendix: Splunk Integration with NVIDIA Products

NVIDIA MLNX-OS User Manual v3.11.2202 LTS

Splunk automatically clusters millions of log records in real time back into their patterns and finds connections between those patterns to form the baseline flows of each software individually, thus enables you to search, monitor and analyze that data to discover powerful insights across multiple use cases.

This appendix provides a guide on the first steps with Splunk and helps you to begin enjoying reduced time in detecting and resolving production problems.

1. Download Splunk and extract the Splunk Enterprise version. (Splunk software is available as an RPM or TGZ.)

2. Create a Splunk User /group. Run:


[root@server] groupadd splunk [root@server] useradd -d /opt/splunk -m -g splunk splunk

3. Splunk installation. Run:


[root@server] tar -xzvf splunk-7.0.0-c8a78efdd40f-Linux-x86_64.tgz [root@server] ls

4. A new folder called Splunk is created.


[root@server] cp -rp splunk/* /opt/splunk/ [root@server] chown -R splunk: /opt/splunk/ [root@server] su - splunk [splunk@server] cd bin [splunk@server] ./splunk start --accept-license

Now you can access your Splunk WebUI at http://IP:8000/ or http://hostname:8000/. You need to make sure that port 8000 is open in your server firewall.

In this example we are not using the default UDP port 514 to show that any other port can be also used.

5. In order to add a task, the switch must be configured to send logs to our Splunk server. Run:


switch > enable switch # configure terminal switch (config) # show snmp SNMP enabled: yes SNMP port: 161 System contact: System location: Read-only communities: public     Read-write communities: (none)   Interface listen enabled: yes No Listen Interfaces. switch (config) # snmp-server host informs port 8597 switch (config) # snmp-server host traps port 8597  switch (config) # snmp host informs 8597 switch (config) # snmp host traps 8597     Summary configuration:     switch (config) # show running-config ## Logging configuration ## logging logging port 8597 logging trap info logging trap override class events priority err logging monitor events notice logging receive ## SNMP configuration no snmp-server host disable snmp-server host traps port 8597 version 2c no snmp-server host disable snmp-server host traps port 8597 version 2c 8597

6. The first screen encountered after signing into the Splunk WebUI includes the “Add Data” icon.


7. The “Add Data” tab opens up with three options: Upload, Monitor, and Forward. Here our task is to monitor a folder, so we click Monitor. to proceed


In the Monitor option, the following four categories are available:

  • File & Directories – monitor files/folders

  • HTTP Event Collector – monitor data streams over HTTP

  • TCP/UDP – monitor service ports

  • Scripts – monitor scripts

8. Per our current purpose, we choose TCP/UDP option.


9. Click the TCP or UDP button to choose between a TCP or UDP input, and enter a port number in the “Port” field.

10. In the “Source name override” field, enter a new source name to override the default source value, if required.


11. Click “Next” to continue to the Input Settings page where we will create a new source type called Mellanox-Switch.


12. Click Next > Review > Done > Start Searching


SNMP represents an incredibly rich source of data that you can get into Splunk for visibility across a very diverse IT landscape.

SNMP agents may also send notifications, called Traps, to an SNMP trap listening daemon.

Getting Started

Browse to Splunkbase and download the SNMP Modular Input from

To install, simply untar the file to SPLUNK_HOME/etc/apps and restart Splunk.


Login to the Splunk WebUI and go to Manager > Add Data > Monitor > SNMP > New, and set up your input data.




13. After configuration is complete it is recommend to run Mellanox-Switch again: Search > Data Summary > Sourcetypes > Mellanox-Switch.


14. Select “Mellanox-Switch” and “Add to search”.


15. You can add to search any value that is relevant for you.



Patterns can be viewed not on real time and you can create alert on most repeatable events.

© Copyright 2023, NVIDIA. Last updated on Feb 29, 2024.