
SNMP Traps Extension : How can I put ALL the data ingested into a Problem

LaurentBignens
Participant

Hi folks,
When different types of SNMP traps are forwarded to the AGs with the "SNMP Trap" extension code,
the data is ingested as logs, and many variables/fields are produced.
Some variables like {content}, {device.address}, {snmp.trap_oid} are always available,
but most other variables depend on the SNMP trap.

I would like to print all the data contained in the different variables into a Problem.
Example:
For "*::linkDown" traps, useful data would be in the variable {"IF-MIB::ifDescr"}
For "*::cieLinkDown" traps, useful data would be in the variable {"IF-MIB::ifName"}

I do not know in advance which SNMP traps will be sent to DT, and with which variable names,
so I do not see a way to put the useful data from an SNMP trap in a problem.

At the moment, I'm trying to get something working by adding "Log processing" rules,
but I'm having to assign data from the hardcoded variable names into common managed variables.

Question 1:
Is there a variable containing "ALL" the data, like I've seen in other extensions (something like {data})?

Question 2:
In the log processing rules:
Can you loop programmatically over all variables to assign their data to a known variable?

I would be grateful if anyone could help me advance on this topic.

Regards, LB

2 REPLIES

LaurentBignens
Participant

For reference:
Here is a sample of the data that would go through the "Log processing" rule with a matcher like: log.source="snmptraps"
{
  "event.type": "LOG",
  "content": "SNMP trap (IF-MIB::linkDown) reported from src:10.x.x.x\n agent:10.x.x.x",
  "status": "INFO",
  "timestamp": "1726582318001",
  "loglevel": "NONE",
  "log.source": "snmptraps",
  "snmp.trap_oid": "IF-MIB::linkDown",
  "device.address": "10.x.x.x",
  "SNMPv2-MIB::sysUpTime": "992105",
  "IF-MIB::ifAlias": "HostPC",
  "SNMPv2-MIB::snmpTrapOID": ".1.3.6.1.6.3.1.1.5.3",
  "alert.title": "IF-MIB::linkDown",
  "IF-MIB::ifOperStatus": "down(2)",
  "IF-MIB::ifDescr": "port-channel1282",
  "IF-MIB::ifIndex": "369100033",
  "IF-MIB::ifAdminStatus": "up(1)",
  "dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-yyyy",
  "snmp.version": "2c",
  "SNMPv2-MIB::snmpTrapEnterprise": ".1.3.6.1.6.3.1.1.5.3"
}

fabrice-externe
Participant

Hi,

We have the exact same issue and, from what we know, there is no way at the moment to get the full trap payload (as JSON would be nice), and this prevents implementing any generic trap processing: you must know what the trap attributes are, otherwise you can't access them in processing rules or event extraction rules.

A configuration option "Capture full trap in Content" in the extension, to get the full trap as JSON inside the "content" of the log record, would fix the issue for us. Defaulting this option to "deactivated" would avoid any disturbance to customers relying on the current behaviour.

If someone from Dynatrace is listening, please implement this!

Regards

 
