Grok Filter for SNMP Trap


#1

Hi Team

I have input from an SNMP trap from which I want only a few fields to be captured. The SNMP trap is a long string.
I have attached the complete string below; however, I need to fetch the following part:

kpi_match_name=INT_214,
kpi_cur_value=5.51325,
kpi_name=Page Load Time INT_214_online,
kpi_updown=UPDOWN_ABOVE_MAX,
kpi_category=FX Interface Calls,
kpi_alert_link=https://10.14.122.35:8443/ruei/go.php?frmID=monitoring/alert_log/119483,
kpi_target_value=5

Need immediate support for the same.

Regards
Sumit

Sample TRAP:

{"SNMPv2-SMI::enterprises.111.15.3.1.1.68.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.13.1":"Application Performance Management KPI Alert",
"host":"10.5.200.160",
"SNMPv2-SMI::enterprises.111.15.3.1.1.14.1":"End User Threshold Violation Page Load Time INT_214_online",
"SNMPv2-SMI::enterprises.111.15.3.1.1.67.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.78.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.27.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.73.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.39.1":"TEST_EUS_Butterfly",
"SNMPv2-SMI::enterprises.111.15.3.1.1.40.1":"TEST_EUS_Butterfly,EUSevent",
"SNMPv2-SMI::enterprises.111.15.3.1.1.65.1":"KPI Metric Name=end-to-end-time-per-call(ms)",
"SNMPv2-SMI::enterprises.111.15.3.1.1.74.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.49.1":"",
"SNMPv2-SMI::enterprises.111.15.3.1.1.85.1":"",
"message":
"#<SNMP::SNMPv1_Trap:0x3d50a356 @enterprise=[1.3.6.1.4.1.111.15.2], @timestamp=#<SNMP::TimeTicks:0x663e7adf @value=8766110>,
@varbind_list=[
#<SNMP::VarBind:0x48649953 @name=[1.3.6.1.4.1.111.15.3.1.1.2.1], @value="NOTIF_NORMAL">,
#<SNMP::VarBind:0x7096c91a @name=[1.3.6.1.4.1.111.15.3.1.1.3.1], @value="RUEI KPI Page Load Time INT_214_online has failed">,
#<SNMP::VarBind:0x65ebbd55 @name=[1.3.6.1.4.1.111.15.3.1.1.4.1], @value="https://N2VL-PA-OEM:7803/em/redirect?pageType=sdk-core-event-console-detailEvent&issueID=6B9F210C6B54DDD2E053A0C8050A2FEC">,
#<SNMP::VarBind:0x32c80d32 @name=[1.3.6.1.4.1.111.15.3.1.1.22.1], @value="https://N2VL-PA-OEM:7803/em/redirect?pageType=TARGET_HOMEPAGE&targetName=test_environment_INT_214&targetType=oracle_end_user_service">,
#<SNMP::VarBind:0x594a23a3 @name=[1.3.6.1.4.1.111.15.3.1.1.23.1], @value="End User Service">,
#<SNMP::VarBind:0x74f4732c @name=[1.3.6.1.4.1.111.15.3.1.1.24.1], @value="">,
#<SNMP::VarBind:0x1c38cd7f @name=[1.3.6.1.4.1.111.15.3.1.1.25.1], @value="A15ZLB89">,
#<SNMP::VarBind:0x6e6bf257 @name=[1.3.6.1.4.1.111.15.3.1.1.26.1], @value="">, #<SNMP::VarBind:0x66b48302 @name=[1.3.6.1.4.1.111.15.3.1.1.27.1], @value="">, #<SNMP::VarBind:0x310ef1eb @name=[1.3.6.1.4.1.111.15.3.1.1.28.1], @value="">, #<SNMP::VarBind:0x6b878180 @name=[1.3.6.1.4.1.111.15.3.1.1.29.1], @value="">, #<SNMP::VarBind:0x5acf3fed @name=[1.3.6.1.4.1.111.15.3.1.1.30.1], @value="">, #<SNMP::VarBind:0x18a11b25 @name=[1.3.6.1.4.1.111.15.3.1.1.31.1], @value="">, #<SNMP::VarBind:0x5ee63073 @name=[1.3.6.1.4.1.111.15.3.1.1.32.1], @value="">, #<SNMP::VarBind:0x93a21ae @name=[1.3.6.1.4.1.111.15.3.1.1.33.1], @value="">, #<SNMP::VarBind:0x2aa95733 @name=[1.3.6.1.4.1.111.15.3.1.1.34.1], @value="">, #<SNMP::VarBind:0x3ac11970 @name=[1.3.6.1.4.1.111.15.3.1.1.35.1], @value="">, #<SNMP::VarBind:0x554bd3f3 @name=[1.3.6.1.4.1.111.15.3.1.1.36.1], @value="">, #<SNMP::VarBind:0xd24afa5 @name=[1.3.6.1.4.1.111.15.3.1.1.37.1], @value="">, #<SNMP::VarBind:0x6d5461fd @name=[1.3.6.1.4.1.111.15.3.1.1.38.1], @value="">, #<SNMP::VarBind:0x5f6cefbe @name=[1.3.6.1.4.1.111.15.3.1.1.39.1], @value="TEST_EUS_Butterfly">,
#<SNMP::VarBind:0x54336beb @name=[1.3.6.1.4.1.111.15.3.1.1.40.1], @value="TEST_EUS_Butterfly,EUSevent">,
#<SNMP::VarBind:0x7cc2bf4f @name=[1.3.6.1.4.1.111.15.3.1.1.41.1], @value="A15ZLB89">, #<SNMP::VarBind:0x32d772a3 @name=[1.3.6.1.4.1.111.15.3.1.1.42.1], @value="6B9F210C6B54DDD2E053A0C8050A2FEC">, #<SNMP::VarBind:0xa7e6a58 @name=[1.3.6.1.4.1.111.15.3.1.1.43.1], @value="">,
#<SNMP::VarBind:0x45dd34cf @name=[1.3.6.1.4.1.111.15.3.1.1.44.1], @value="kpi_match_name=INT_214, kpi_match_subtype=null, kpi_cur_value=5.51325, kpi_match_type=ws, kpi_name=Page Load Time INT_214_online, kpi_updown=UPDOWN_ABOVE_MAX, kpi_category=FX Interface Calls, kpi_metric_args=alert_id=119483&no_em_metrics_link=0, kpi_template_name=load-time, kpi_metric_name=end-to-end-time-per-call(ms), kpi_alert_link=https://10.14.122.35:8443/ruei/go.php?frmID=monitoring/alert_log/119483, kpi_target_value=5">, #<SNMP::VarBind:0x2c0cd3fc @name=[1.3.6.1.4.1.111.15.3.1.1.45.1], @value="">, #<SNMP::VarBind:0x2547feb4 @name=[1.3.6.1.4.1.111.15.3.1.1.46.1], @value="RUEI KPI Page Load Time INT_214_online has failed, Incident created by rule (Name = Incident management rule set for all targets, Create incidents for critical or fatal business application alerts [System generated rule]).">, #<SNMP::VarBind:0x5c927cee @name=[1.3.6.1.4.1.111.15.3.1.1.47.1], @value="">, #<SNMP::VarBind:0x70c550ff @name=[1.3.6.1.4.1.111.15.3.1.1.48.1], @value="">, #<SNMP::VarBind:0x3a1cee28 @name=[1.3.6.1.4.1.111.15.3.1.1.49.1], @value="">, #<SNMP::VarBind:0x20b41581 @name=[1.3.6.1.4.1.111.15.3.1.1.50.1], @value="">, #<SNMP::VarBind:0x6f8e7875 @name=[1.3.6.1.4.1.111.15.3.1.1.51.1], @value="Neither Cause Nor Symptom">, #<SNMP::VarBind:0x35168fd3 @name=[1.3.6.1.4.1.111.15.3.1.1.61.1], @value="KPI Type=Real User">, #<SNMP::VarBind:0x68264af7 @name=[1.3.6.1.4.1.111.15.3.1.1.62.1], @value="KPI Name=Page Load Time INT_214_online">, #<SNMP::VarBind:0x683e426f @name=[1.3.6.1.4.1.111.15.3.1.1.63.1], @value="APM Managed Entity Type=RUEI Application">, #<
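
One way to pull the requested fields out of the trap above, as an added example that is not part of the original thread: a Logstash filter that isolates the `@value` of varbind 1.3.6.1.4.1.111.15.3.1.1.44.1 with grok and splits it with the kv filter. The field name `kpi_raw` and the failure tag are hypothetical, and the pattern assumes the values contain no double quotes or commas, as in the sample.

```logstash
filter {
  # Step 1: anchor on the varbind OID from the sample trap and capture its
  # quoted @value. Matching on the OID rather than on position means extra or
  # reordered varbinds do not shift the capture.
  grok {
    match => {
      "message" => '@name=\[1\.3\.6\.1\.4\.1\.111\.15\.3\.1\.1\.44\.1\], @value="(?<kpi_raw>[^"]*)"'
    }
    tag_on_failure => ["_kpi_varbind_missing"]   # hypothetical tag name
  }

  if [kpi_raw] {
    # Step 2: split "key=value, key=value" pairs. Only the first "=" separates
    # key from value, so kpi_alert_link keeps its "?frmID=..." query string.
    kv {
      source       => "kpi_raw"
      field_split  => ","
      value_split  => "="
      trim_key     => " "     # pairs are separated by ", " so keys carry a leading space
      # Allow-list: only these keys become event fields, so unexpected keys in
      # trap text cannot create arbitrary fields in the index.
      include_keys => [
        "kpi_match_name",
        "kpi_cur_value",
        "kpi_name",
        "kpi_updown",
        "kpi_category",
        "kpi_alert_link",
        "kpi_target_value"
      ]
    }

    # Step 3: store the numeric KPI values as numbers and drop the scratch field.
    mutate {
      convert => {
        "kpi_cur_value"    => "float"
        "kpi_target_value" => "float"
      }
      remove_field => ["kpi_raw"]
    }
  }
}
```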


#2

Hi Team, any support for the same?

Regards
Sumit

