19 Sep 2024 03:18 PM
Hi folks,
When different types of snmptraps are forwarded to the AGs with the "SNMP Trap" extension code,
the data is ingested as logs, and many variables/fields are produced.
Some variables like {content}, {device.address}, {snmp.trap_oid} are always available,
but most other variables depend on the snmp trap.
I would like to print all the data contained in the different variables into a Problem.
Example:
For "*::linkDown" traps, useful data would be in the variable {"IF-MIB::ifDescr"}
For "*::cieLinkDown" traps, useful data would be in the variable {"IF-MIB::ifName"}
I do not know in advance which snmp traps will be sent to DT, and with which variable names,
so I do not see a way to put the useful data from a snmptrap in a problem.
At the moment, I'm trying to get something working by adding "Log processing" rules,
but I'm having to assign data from the hardcoded variable names into common managed variables.
Question 1:
Is there a variable containing "ALL" the data, like I've seen in other extensions (something like {data})?
Question 2:
In the log processing rules:
Can you loop programmatically on all variables to assign their data to a known variable?
I would be grateful if anyone could help me advance on this topic.
Regards, LB
19 Sep 2024 03:19 PM
For reference:
Here is a sample of the data that would go through the "Log processing" rule with a matcher like: log.source="snmptraps"
{
  "event.type": "LOG",
  "content": "SNMP trap (IF-MIB::linkDown) reported from src:10.x.x.x\n agent:10.x.x.x",
  "status": "INFO",
  "timestamp": "1726582318001",
  "loglevel": "NONE",
  "log.source": "snmptraps",
  "snmp.trap_oid": "IF-MIB::linkDown",
  "device.address": "10.x.x.x",
  "SNMPv2-MIB::sysUpTime": "992105",
  "IF-MIB::ifAlias": "HostPC",
  "SNMPv2-MIB::snmpTrapOID": ".1.3.6.1.6.3.1.1.5.3",
  "alert.title": "IF-MIB::linkDown",
  "IF-MIB::ifOperStatus": "down(2)",
  "IF-MIB::ifDescr": "port-channel1282",
  "IF-MIB::ifIndex": "369100033",
  "IF-MIB::ifAdminStatus": "up(1)",
  "dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-yyyy",
  "snmp.version": "2c",
  "SNMPv2-MIB::snmpTrapEnterprise": ".1.3.6.1.6.3.1.1.5.3"
}