SNMP trap processing

MichalSzekely
Visitor

Hello,

I received a trap like this:
{
"event.type": "LOG",
"content": "SNMP trap (SNMPv2-SMI::experimental.94.0.4) reported from src:10.10.10.12\n agent:10.10.10.12",
"status": "NONE",
"timestamp": "1775468179963",
"loglevel": "NONE",
"log.source": "snmptraps",
"dt.openpipeline.source": "extension:com.dynatrace.extension.snmp-traps-generic",
"snmp.trap_oid": "SNMPv2-SMI::experimental.94.0.4",
"device.address": "10.10.10.10",
"dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-BLABLA",
"SNMPv2-MIB::snmpTrapOID": ".1.3.6.1.3.94.0.4",
"DISMAN-EVENT-MIB::sysUpTimeInstance": "1033947497",
"SNMPv2-SMI::experimental.94.1.11.1.7.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "2",
"device.name": "huhu.eps.com",
"node.fqdn": "huhu.eps.com",
"snmp.version": "3",
"SNMPv2-SMI::experimental.94.1.11.1.8.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": ".0.0",
"SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0": "MAPS-1010 Port(s) fenced due to RuleName=defALL_OTHER_F_PORTSITW_40, Condition=ALL_OTHER_F_PORTS(ITW/min>40), Obj:port5, F-Port 5 [ ITW,43 ITWs]."
}

I would like to process this trap and create a problem if the word "fenced" appears anywhere.

My issue is that "fenced" is located in the field
SNMPv2-SMI::experimental.94.1.11.1.9.16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0 
where SNMPv2-SMI::experimental.94.1.11.1 is static and the rest is dynamic; it looks like a device identifier.

How can I filter the value "fenced" in this field for all incoming messages on all devices?

2 REPLIES

AntonioSousa
DynaMight Guru

@MichalSzekely ,
Traditionally you'll have to configure a “Log custom attribute” to search it. In Grail, I never did SNMP traps myself; I would have to ask someone who did.

Antonio Sousa

SjoerdB
Mentor

Did you manually change the last part to 0.0.0.0.etc? Usually there is still a field identifier, and after that there might be some dynamic parts. In the snmp-trap extension config you can define that it should trim some of the last digits from the OID, to only have the devicetype+fieldnumber, which you can use to capture the exact field you need. This is always a hard thing to handle, but at least some description of this can be found here:

https://docs.dynatrace.com/docs/shortlink/snmptraps-extension#advanced

In openpipeline-logs (filter: log.source=="snmptraps") you can then create nice attributes, and based on those attributes you can trigger an event in the openpipeline.

Dynatrace Certified Professional | Dynatrace partner IctCoreBiz B.V.
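
The matching logic discussed in this thread, written out in Python as an added example (not from any poster and not Dynatrace configuration): it keys on the static varbind prefix plus the field number and ignores the trailing dynamic part. The function names, and the reading of the number after the static prefix as a column followed by a per-device index, are assumptions of this example.

```python
import re

# Static part of the varbind name, taken from the trap in the question. The next
# number is the column (7, 8, 9 in that trap); the rest is the per-device index.
STATIC_PREFIX = "SNMPv2-SMI::experimental.94.1.11.1."
VARBIND = re.compile(
    re.escape(STATIC_PREFIX) + r"(?P<column>\d+)(?:\.(?P<index>\d+(?:\.\d+)*))?$"
)


def split_varbinds(record):
    """Group varbinds under STATIC_PREFIX as {column: [(index, value), ...]}."""
    grouped = {}
    for key, value in record.items():
        m = VARBIND.match(key)
        if m:
            grouped.setdefault(m.group("column"), []).append(
                (m.group("index") or "", str(value))
            )
    return grouped


def find_keyword(record, keyword="fenced", column="9"):
    """Return (index, value) pairs in the given column whose value contains
    keyword (case-insensitive). column=None searches every column."""
    grouped = split_varbinds(record)
    columns = grouped if column is None else {column: grouped.get(column, [])}
    return [
        (index, value)
        for entries in columns.values()
        for index, value in entries
        if keyword.lower() in value.lower()
    ]


# Constructed sample: trimmed copy of the trap from the question.
IDX = "16.0.136.148.113.161.162.91.0.0.0.0.0.0.0.0.0"
SAMPLE_TRAP = {
    "log.source": "snmptraps",
    "snmp.trap_oid": "SNMPv2-SMI::experimental.94.0.4",
    STATIC_PREFIX + "7." + IDX: "2",
    STATIC_PREFIX + "8." + IDX: ".0.0",
    STATIC_PREFIX + "9." + IDX: "MAPS-1010 Port(s) fenced due to "
    "RuleName=defALL_OTHER_F_PORTSITW_40, Obj:port5, F-Port 5 [ ITW,43 ITWs].",
}

if __name__ == "__main__":
    for index, value in find_keyword(SAMPLE_TRAP):
        print(f"fenced on index {index}: {value}")
```

Because the index is captured separately, the same rule matches traps from every device while still reporting which index the message came from.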
