cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SNMP Trap extension add attribute to log and custom device

debeste
Contributor

Hey,

 

The snmp Trap extension does not make it easy to know, which log/custom device is created by which extension config. On the custom devices created, the only attribute present is the dt.ip_addresses.
I have multiple applications sending snmp traps, each having their own support team.
So I have to create auto tag rules for each device sending traps, based on IP.

Example: type(snmptraps:com_dynatrace_ext_snmp-traps),dt.ip_addresses(99.4.50.24)
Repeat 100x 😞

 

So it would help if I could add a variable in the extension config "application-name" thats then added to the log entry and custom device.


Is it possible to add vars to log attributes?
And how to achieve this for the snmp trap extension, as only the metric is defined here?
I was thinking about something like this, but it does not work as the custom devices only take their properties from the log records (& metrics) its seems.

 

My non working custom extension, to give some more context.

name: custom:com.dynatrace.extension.snmp-traps-generic
version: 0.0.3
minDynatraceVersion: 1.280.0
author:
  name: Dynatrace

metrics:
  - key: com.dynatrace.extension.snmp-traps-generic.traps.count
    metadata:
      displayName: Traps count
      description: Number of traps received.
      unit: Count

snmptraps:
  - group: generic
    featureSet: Events
    interval:
      minutes: 1
    metrics:
      - key: com.dynatrace.extension.snmp-traps-generic.traps.count
        type: count,delta
        value: calculated
    dimensions:
      - key: host_ip
        value: const:sender
      - key: trap_oid
        value: const:trapOID
      - key: application_name
        value: var:application-name
        

vars:
  - id: application-name
    displayName: Application name
    description: "The name of the application integrated through snmp traps"
    type: text


topology:
  relationships:
    - fromType: custom:com_dynatrace_ext_snmp-traps
      typeOfRelation: SAME_AS
      toType: network:device
      enabled: true
      sources:
        - sourceType: Entities
          mappingRules:
            - sourceProperty: dt.ip_addresses
              sourceTransformation: To lower case
              destinationProperty: dt.ip_addresses
              destinationTransformation: To lower case
  types:
    - name: custom:com_dynatrace_ext_snmp-traps
      displayName: SNMP Traps Device
      enabled: true
      rules:
        - idPattern: snmp_traps_device_{application_name}_{host_ip}
          instanceNamePattern: SNMP Traps source {application_name} {host_ip}
          sources:
            - sourceType: Metrics
              condition: $prefix(com.dynatrace.extension.snmp-traps-generic.traps.count)
          attributes:
            - pattern: '{device.address}'
              key: dt.ip_addresses
              displayName: Device Address
            - pattern: '{host_ip}'
              key: host_ip
              displayName: IP Address
            - pattern: var:application-name
              key: application_name
              displayName: Application name
          requiredDimensions: []
        - idPattern: snmp_traps_device_{application_name}_{host_ip}
          sources:
              - sourceType: Logs
          attributes: 
            - pattern: '{device.address}'
              key: dt.ip_addresses
              displayName: Device Address
            - pattern: '{host_ip}'
              key: host_ip
              displayName: IP Address
            - pattern: var:application-name
              key: application_name
              displayName: Application name
          requiredDimensions: 
            - key: log.source
              valuePattern: '$eq(snmptraps)'

screens:
  - entityType: custom:com_dynatrace_ext_snmp-traps
    detailsSettings:
      layout:
        autoGenerate: false
        cards:
          - type: INJECTIONS
          - key: traps_charts
            type: CHART_GROUP
          - key: traps_logs
            type: LOGS
            width: FULL_SIZE
      staticContent:
        breadcrumbs:
          - displayName: SNMP Traps sources
            entityType: custom:com_dynatrace_ext_snmp-traps
            type: ENTITY_LIST_REF
        showAddTag: true
        showGlobalFilter: false
        showProblems: true
        showProperties: true
        showTags: true
    chartsCards:
      - key: traps_charts
        displayName: Trap statistics
        numberOfVisibleCharts: 2
        mode: NORMAL
        charts:
          - displayName: Traps Count
            graphChartConfig:
              metrics:
                - metricSelector: com.dynatrace.extension.snmp-traps-generic.traps.count:splitBy()
                  visualization:
                    displayName: Traps count
                    seriesType: COLUMN
            visualizationType: GRAPH_CHART
          - displayName: Trap OIDs
            graphChartConfig:
              metrics:
                - metricSelector: com.dynatrace.extension.snmp-traps-generic.traps.count:splitBy("trapoid")
                  visualization:
                    seriesType: COLUMN
              stacked: true
            visualizationType: GRAPH_CHART
    logsCards:
      - key: traps_logs
        displayName: Trap details
        filterQuery: dt.source_entity inEntitySelector "$(entityConditions)"
        pageSize: 10
        showFiltering: true
        enablePaging: true

 

1 REPLY 1

debeste
Contributor

I found a sollution myself.
Its not ideal, but it works.
It would help if I would know the log/snmp-trap ingest pipeline, in some ordered list form.

Important!
Without these 3 log configurations, the setup does not work as intended.

  • Create an aditional field application_name in Log Processing, rule, based on the snmp.trap_oid field.
    USING(INOUT application_name:STRING?, snmp.trap_oid)
    | FIELDS_ADD(application_name:IF_THEN_ELSE(snmp.trap_oid CONTAINS('.6876.'), "VMWARE",application_name))

  • Add the field application_name in Log custom attributes, to make the field queryable.
  • Create a log metric log.snmptrap.count , with matcher log.source="snmptraps" and dimensions application_name, device.address, snmp.trap_oid.

Extension:

 

name: custom:com.dynatrace.extension.snmp-traps-generic
version: 0.1.6
minDynatraceVersion: 1.280.0
author:
  name: Debeste

metrics:
  - key: custom.extension.snmp-traps-generic.traps.count
    metadata:
      displayName: Traps count
      description: Number of traps received.
      unit: Count

snmptraps:
  - group: generic
    featureSet: Events
    interval:
      minutes: 1
    metrics:
      - key: custom.extension.snmp-traps-generic.traps.count
        type: count,delta
        value: calculated
    dimensions:
      - key: host_ip
        value: const:sender
      - key: trap_oid
        value: const:trapOID

        

topology:
  relationships:
    - fromType: custom:com_dynatrace_ext_snmp-traps-custom
      typeOfRelation: SAME_AS
      toType: network:device
      enabled: true
      sources:
        - sourceType: Entities
          mappingRules:
            - sourceProperty: dt.ip_addresses
              sourceTransformation: To lower case
              destinationProperty: dt.ip_addresses
              destinationTransformation: To lower case
  types:
    - name: custom:com_dynatrace_ext_snmp-traps-custom
      displayName: SNMP Traps Device Custom
      enabled: true
      rules:
        - idPattern: snmp_traps_device_{application_name}_{device.address}
          instanceNamePattern: SNMP Traps source {application_name} {device.address}
          sources:
            - sourceType: Metrics
              condition: $prefix(log.snmptrap.count)
          attributes:
            - pattern: '{device.address}'
              key: dt.ip_addresses
              displayName: Device Address
            - pattern: '{application_name}'
              key: application_name
              displayName: Application name
          requiredDimensions: []
        - idPattern: snmp_traps_device_{application_name}_{device.address}
          sources:
              - sourceType: Logs
          attributes: 
            - pattern: '{device.address}'
              key: dt.ip_addresses
              displayName: Device Address
            - pattern: '{application_name}'
              key: application_name
              displayName: Application name
          requiredDimensions: 
            - key: log.source
              valuePattern: '$eq(snmptraps)'

screens:
  - entityType: custom:com_dynatrace_ext_snmp-traps-custom
    detailsSettings:
      layout:
        autoGenerate: false
        cards:
          - type: INJECTIONS
          - key: traps_charts
            type: CHART_GROUP
          - key: traps_logs
            type: LOGS
            width: FULL_SIZE
      staticContent:
        breadcrumbs:
          - displayName: SNMP Traps sources Custom
            entityType: custom:com_dynatrace_ext_snmp-traps-custom
            type: ENTITY_LIST_REF
        showAddTag: true
        showGlobalFilter: false
        showProblems: true
        showProperties: true
        showTags: true
    chartsCards:
      - key: traps_charts
        displayName: Trap statistics
        numberOfVisibleCharts: 2
        mode: NORMAL
        charts:
          - displayName: Traps Count
            graphChartConfig:
              metrics:
                - metricSelector: log.snmptrap.count:splitBy("device.address","application_name")
                  visualization:
                    displayName: Traps count
                    seriesType: COLUMN
            visualizationType: GRAPH_CHART
          - displayName: Trap OIDs
            graphChartConfig:
              metrics:
                - metricSelector: log.snmptrap.count:splitBy("device.address","application_name","snmp.trap_oid")
                  visualization:
                    seriesType: COLUMN
              stacked: true
            visualizationType: GRAPH_CHART
    logsCards:
      - key: traps_logs
        displayName: Trap details
        filterQuery: dt.source_entity inEntitySelector "$(entityConditions)"
        pageSize: 10
        showFiltering: true
        enablePaging: true

 

 

 This results in the device names containing the application name & IP.
Aswell as adding this data as properties to the device.

debeste_0-1723624029696.png

 

This setup can be simplified hugely, if it would be possible to link a VAR from the extension config to the custom device properties.

 

 

Featured Posts