Ruby Filter for Compressed Binary OID Table

Hello all,

I'm working with an OID that returns values in compressed binary. I've been able to successfully come up with a config (below) that polls a single SNMP OID with a compressed binary value using 'get' and then converts the string into a readable form.

I'm new to Ruby so my issue comes when I try to convert this config to translate compressed binary OIDs that are part of an SNMP table. Below is my working config for a single OID value.

Can you help me convert this config to work when polling a table instead?

input {
  snmp {
    hosts => [{host => "udp:xxx.xxx.xxx.xxx/161" version => "1" community => "public"}]
    get => ["IndividualOID"]

    interval => 60
  }
}
filter {
  ruby {
    code => "
      # The value arrives as colon-separated hex octets
      value = event.get('iso.org.dod.internet.private.enterprises.IndividualOID')
      valArray = value.split(':')
      # Octet 0: LinkState, octet 1: LinkWorkingMode, octets 2..5: SessionId
      event.set('LinkState', valArray[0].hex)
      event.set('LinkWorkingMode', valArray[1].hex)
      event.set('SessionId', valArray[2..5].join.hex)
    "
  }
  mutate {
    remove_field => ["iso.org.dod.internet.private.enterprises.IndividualOID"]
  }
}

output {
  stdout {}
}

So the solution to this problem ended up being much simpler than we imagined...

input {
  snmp {
    hosts => [{host => "udp:xxx.xxx.xxx.xxx/161" version => "1" community => "public"}]
    tables => [
      {
        "name" => "RAD"
        "columns" => [
          "tableOID"
        ]
      }
    ]
    interval => 60
  }
}
filter {

  split {
    field => "RAD"
  }

  mutate {
    copy => { "[RAD][tableOID]" => "contentStuff" }
    copy => { "[RAD][index]" => "deviceIndex" }
  }

  ruby {
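    code => "
      # One event per table row after the split filter; decode that row's value
      value = event.get('contentStuff')
      valArray = value.split(':')
      # Octet 0: LinkState, octet 1: LinkWorkingMode, octets 2..5: SessionId
      event.set('LinkState', valArray[0].hex)
      event.set('LinkWorkingMode', valArray[1].hex)
      event.set('SessionId', valArray[2..5].join.hex)
    "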
  }

  mutate {
    remove_field => ["RAD","contentStuff"]
  }
}

output {
  stdout {}
}
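
The per-row decode from the config above, as an added stand-alone Ruby example (not code from either post) that validates the value first, because `String#hex` returns 0 for non-hex input and a short or missing value would otherwise raise or decode to misleading zeros. The function names, the `_rad_decode_failure` tag and the sample rows are assumptions made for illustration.

```ruby
# Added example: plain Ruby, runs without Logstash.
# Field layout (octet 0 = LinkState, octet 1 = LinkWorkingMode,
# octets 2..5 = SessionId) is taken from the ruby filter above.
OCTET = /\A[0-9a-fA-F]{2}\z/
MIN_OCTETS = 6

# Returns a hash of decoded fields, or nil when the value is not a
# well-formed colon-separated hex string of at least six octets.
def decode_rad_value(value)
  return nil unless value.is_a?(String)
  octets = value.strip.split(':', -1) # -1 keeps trailing empty octets
  return nil if octets.length < MIN_OCTETS
  return nil unless octets.all? { |o| OCTET.match?(o) }
  {
    'LinkState'       => octets[0].hex,
    'LinkWorkingMode' => octets[1].hex,
    'SessionId'       => octets[2..5].join.hex # four octets, big-endian
  }
end

# Decodes every row of a polled table. Rows that fail validation keep
# their index and get a (hypothetical) failure tag instead of zeros.
def decode_rad_table(rows)
  rows.map do |row|
    fields = decode_rad_value(row['tableOID'])
    base = { 'deviceIndex' => row['index'] }
    fields ? base.merge(fields) : base.merge('tags' => ['_rad_decode_failure'])
  end
end

# Constructed sample rows (not captured from a real device).
SAMPLE_ROWS = [
  { 'index' => '1', 'tableOID' => '01:02:00:00:01:2c' },
  { 'index' => '2', 'tableOID' => '01:zz:00:00:01:2c' }, # non-hex octet
  { 'index' => '3', 'tableOID' => '01:02' },             # truncated value
  { 'index' => '4', 'tableOID' => nil }                  # column missing
].freeze

if __FILE__ == $PROGRAM_NAME
  decode_rad_table(SAMPLE_ROWS).each { |r| puts r.inspect }
end
```

Inside a Logstash ruby filter the same checks would go before the `event.set` calls, with `event.tag` marking rows that fail.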
