13 Nov 2024 11:02 PM
I have SNMP traps in logs. In this case, they are in a Managed environment.
A sample log contains for instance:
"CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.300109": "5",
Now, the "300109" part is variable. I want to obtain the "5" in this case.
How would the processing definition be made in this case?
06 Dec 2024 12:21 PM
You can try this
data record(content=""""CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.300109": "5",""")
| parse content, """
DQS:dq_string LD
DQS:magicnumber
"""