14 Nov 2024 12:24 AM
Trying to do a Processor definition using an SNMP attribute like CISCO-SMIciscoMgmt.311.1.1.2.1.17.0
The idea is that when the value is "4" it changes loglevel to "WARN":
USING (INOUT loglevel:STRING, CISCO-SMIciscoMgmt.311.1.1.2.1.17.0) | FIELDS_ADD(loglevel:IF_THEN(CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0 == '4', "WARN"))
It gives the following error: "Invalid processing rule definition: invalid used symbol: SMIciscoMgmt.311.1.1.2.1.17.0 at 1:36 - no viable alternative at input 'CISCOSMIciscoMgmt.311.1.1.2.1.17.0'"
i haven't managed to escape it and involving it with " or ' also doesn't work. Any ideas?
Solved! Go to Solution.
14 Nov 2024 12:40 AM
Oh my, I had something very similar in the past: https://community.dynatrace.com/t5/Log-Analytics/Searching-Logs-for-SNMP-trap-content/m-p/219443
the correct way to do it is:
USING (INOUT "CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0":STRING ) | FIELDS_ADD(loglevel:IF_THEN(COLUMN("CISCO-SMI::ciscoMgmt.311.1.1.2.1.17.0") == '4', "WARN"))