I have NetObserv Flow running in docker, working well but seeing one problem - if I change the community string from the default (“public”), SNMP enrichment for interface names no longer works. I just see the IFindexes and not the interface names. (Non-default) community string in the switch (Cisco Nexus 9300-FX2) and in elastiflow_flow_compose.yml (EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES) are the same, but not “public”. Am I missing some other piece of configuration? Thanks!
Edit: I see this in the docker logs: {“level”:“warn”,“ts”:“2025-07-17T14:56:23.852Z”,“caller”:“snmp/snmp.go:190”,“msg”:“SNMP Enricher: found no valid community string for 172.26.254.23”}
Can you clarify something? You say if you change it from the default “public” it’s not working, so does that mean it does work with “public”?
Check your logs immediately after starting the flow collector. It should record all of the start up parameters in the log file and you can see what it is loading for EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES
Can you share the YAML file and the full log? There can be conflicts in the configuration file (EF_PROCESSOR_ENRICH_NETIF_SNMP_ACCESS_ENABLE can override the config file) and there can be errors in the log showing where the config wasn’t loaded properly before the ‘warning’ you shared.
Hi Dexter, thanks for the reply. Yes, it works with “public”. I see in the flowcoll.log that in spite of the yaml config having this: EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES: 'tstevens'
The log file shows this, so seems to still be using “public”: {"level":"info","ts":"2025-07-18T19:22:40.859Z","logger":"flowcoll.processor[default]","caller":"envconf/logger.go:49","msg":"EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES=public"}
So if I have set the community string to “tstevens” on the switch side, it doesn’t work.
I can share the full config & logs but not seeing a way to attach that to the thread. I tried to put it in-line here but it exceeded the maximum post size…
I sent you a DM here so you can send me the configs/logs directly.
I would restart the collector and monitor the logs for what configuration options are loaded. Unless there is some sort of typo/syntax issue I’ve never seen the flowcoll service fail to read the configuration file on startup.