https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297594#M1558 <P>hello,</P> <P>I received a trap like this:<BR />{<BR />"event.type": "LOG",<BR />"content": "SNMP trap (SNMPv2-SMI::experimental.94.0.4) reported from src:10.10.10.12\n agent:10.10.10.12",<BR />"status": "NONE",<BR />"timestamp": "1775468179963",<BR />"loglevel": "NONE",<BR />"log.source": "snmptraps",<BR />"dt.openpipeline.source": "extension:com.dynatrace.extension.snmp-traps-generic",<BR />"snmp.trap_oid": "SNMPv2-SMI::experimental.94.0.4",<BR />"device.address": "10.10.10.10",<BR />"dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-BLABLA",<BR />"SNMPv2-MIB::snmpTrapOID": ".1.3.6.1.3.94.0.4",<BR />"DISMAN-EVENT-MIB::sysUpTimeInstance": "1033947497",<BR />"SNMPv2-SMI::experimental.94.1.11.1.7.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "2",<BR />"device.name": "huhu.eps.com",<BR />"node.fqdn": "huhu.eps.com",<BR />"snmp.version": "3",<BR />"SNMPv2-SMI::experimental.94.1.11.1.8.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": ".0.0",<BR />"SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "MAPS-1010 Port(s) fenced due to RuleName=defALL_OTHER_F_PORTSITW_40, Condition=ALL_OTHER_F_PORTS(ITW/min&gt;40), Obj:port5, F-Port 5 [ ITW,43 ITWs]."<BR />}</P> <P>I would process this trap and create a problem if the word <STRONG>"fenced"</STRONG> appears anywhere.</P> <P>My issue is that <STRONG>"fenced"</STRONG> is located in the field<BR />SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0&nbsp;<BR />where SNMPv2-SMI::experimental.94.1.11.1 is static and the rest is dynamic, it looks like a device identifier.</P> <P>How can I filter the value <STRONG>"fenced"</STRONG> in this field for all incoming messages on all devices?</P> Tue, 14 Apr 2026 06:23:55 GMT MichalSzekely 2026-04-14T06:23:55Z https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297594#M1558 <P>hello,</P> <P>I received a trap like this:<BR />{<BR />"event.type": "LOG",<BR />"content": "SNMP trap (SNMPv2-SMI::experimental.94.0.4) reported from src:10.10.10.12\n agent:10.10.10.12",<BR />"status": "NONE",<BR />"timestamp": "1775468179963",<BR />"loglevel": "NONE",<BR />"log.source": "snmptraps",<BR />"dt.openpipeline.source": "extension:com.dynatrace.extension.snmp-traps-generic",<BR />"snmp.trap_oid": "SNMPv2-SMI::experimental.94.0.4",<BR />"device.address": "10.10.10.10",<BR />"dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-BLABLA",<BR />"SNMPv2-MIB::snmpTrapOID": ".1.3.6.1.3.94.0.4",<BR />"DISMAN-EVENT-MIB::sysUpTimeInstance": "1033947497",<BR />"SNMPv2-SMI::experimental.94.1.11.1.7.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "2",<BR />"device.name": "huhu.eps.com",<BR />"node.fqdn": "huhu.eps.com",<BR />"snmp.version": "3",<BR />"SNMPv2-SMI::experimental.94.1.11.1.8.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": ".0.0",<BR />"SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "MAPS-1010 Port(s) fenced due to RuleName=defALL_OTHER_F_PORTSITW_40, Condition=ALL_OTHER_F_PORTS(ITW/min&gt;40), Obj:port5, F-Port 5 [ ITW,43 ITWs]."<BR />}</P> <P>I would process this trap and create a problem if the word <STRONG>"fenced"</STRONG> appears anywhere.</P> <P>My issue is that <STRONG>"fenced"</STRONG> is located in the field<BR />SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0&nbsp;<BR />where SNMPv2-SMI::experimental.94.1.11.1 is static and the rest is dynamic, it looks like a device identifier.</P> <P>How can I filter the value <STRONG>"fenced"</STRONG> in this field for all incoming messages on all devices?</P> Tue, 14 Apr 2026 06:23:55 GMT https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297594#M1558 MichalSzekely 2026-04-14T06:23:55Z https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297602#M1559 <P><a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/60374">@MichalSzekely</a>&nbsp;,<BR />Traditionally you'll have to configure a “Log custom attribute” to search it. In Grail, never did SNMP traps myself, I would have to ask someone that did.</P> Mon, 13 Apr 2026 11:11:27 GMT https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297602#M1559 AntonioSousa 2026-04-13T11:11:27Z https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297609#M1560 <P>Did you manually change the last part to 0.0.0.0.etc ? Usually there is a still a field-identifyer and after that might be some dynamics. In the snmp-trap extension config you can define that it should trim some last digits from the oid, to only have the devicetype+fieldnumber which you can use to capture the exact field you need. This is always a hard thing to handle, but at least some description on this can be found here:<BR /><BR /><A href="https://docs.dynatrace.com/docs/shortlink/snmptraps-extension#advanced" target="_blank" rel="noopener">https://docs.dynatrace.com/docs/shortlink/snmptraps-extension#advanced</A></P><P>In openpipeline-logs (filter: log.source=="snmptraps") you can then create nice attributes, and based on those attributes you can trigger an event in the openpipeline.</P> Mon, 13 Apr 2026 13:08:09 GMT https://community.dynatrace.com/t5/Log-Analytics/SNMP-trap-processing/m-p/297609#M1560 SjoerdB 2026-04-13T13:08:09Z