Logstash: parsing snmp traps ( continue...)

Robert.I · November 27, 2017, 11:15am

Hello all,

I would like to share my solution with my problem parsing traps.

I my problem is described in this topic: https://discuss.elastic.co/t/logstash-parsing-snmp-traps/103208.

The solution was :

List item

Change the filter:

filter {
mutate {
replace => { "message" => %{SNMPv2-SMI::enterprises.2.6.212.10.1.5} : "EVENT_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.7} MESSAGE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.8} NODE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.9} ENTITY_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.3} " }
}
}

Change the output file:

if [SNMPv2-SMI::enterprises.2.6.212.10.1.5] =="ERROR" {
file {
path => "/mydirectory/logstash/snmp.log"
codec => line { format=> "ERROR: %{message}"}
}

Thanks a lot for your help.

Best regards,

guyboertje · November 27, 2017, 11:33am

Can't mark the original message as a solution. Doing it here.

system · December 25, 2017, 11:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash: parsing snmp traps Logstash	4	1850	November 9, 2017
Cannot see SNMP trap message in Kibana Kibana	6	2880	July 10, 2017
Snmp grok filter failure Logstash	7	944	August 12, 2019
[SOLVED] SNMP trap input plugin Logstash	4	9229	July 6, 2017
Help with filter/mutate, replace netflow snmp field Logstash	1	501	April 24, 2019

Logstash: parsing snmp traps ( continue...)

Related topics