14 Nov 2024 01:21 AM - last edited on 26 Nov 2024 10:51 AM by Michal_Gebacki
When using DPL, namely in Logs Classic, we sometimes have to check and convert values.
One great example is converting trap severity OID values into their corresponding loglevel's in Dynatrace.
I have managed to make my first conversion, and it goes like this:
USING (INOUT "CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0":STRING ) | FIELDS_ADD( loglevel: (
case
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '1' then 'CRITICAL'
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '2' then 'ERROR'
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '3' then 'SEVERE'
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '4' then 'WARN'
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '5' then 'NOTICE'
when COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '6' then 'INFO'
else "NONE"
end
) )
While I still want to confirm if these loglevel's are the best match, I believe it is pretty self-explanatory.
BTW, the Cisco definition is:
1—Critical
2—Major
3—Minor
4—Warning
5—Clear
6—Info
Also, thanks for this great finding: https://community.dynatrace.com/t5/Log-Analytics/Log-Processing-CASE-WHEN-THEN-ELSE-END-Documentatio...