Hi.
I have a log like this:
12:32:46 2021/06/28 ZBXTRAP 192.168.50.135
PDU INFO:
notificationtype INFORM
version 1
receivedfrom UDP: [192.168.50.135]:10756->[172.27.2.8]:162
errorstatus 0
messageid 0
community Proph3cy07
transactionid 1
errorindex 0
requestid 80551700
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (15391411) 1 day, 18:45:14.11
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.19444.6.2.1.1
SNMPv2-SMI::enterprises.19444.6.2.1.1.2.0 type=4 value=STRING: "2.28"
SNMPv2-SMI::enterprises.19444.6.2.1.1.3.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.4.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.5.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.6.0 type=4 value=STRING: "DFSA-SBC-META01"
SNMPv2-SMI::enterprises.19444.6.2.1.1.7.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.8.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.9.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.10.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.11.0 type=6 value=OID: SNMPv2-SMI::zeroDotZero.0
SNMPv2-SMI::enterprises.19444.6.2.1.1.20.0 type=66 value=Gauge32: 70
SNMPv2-SMI::enterprises.19444.6.2.1.1.21.0 type=2 value=INTEGER: 2
SNMPv2-SMI::enterprises.19444.6.2.1.1.23.0 type=4 value=STRING: "The \"Total percentage of call setup attempts failing\" statistic exceeded its configured thresholds. Current value: 86.6816. Lower limit: not set. Upper limit: 1.0000. This alarm will clear when the value is at or below 0.0000."
SNMPv2-SMI::enterprises.19444.6.2.1.1.24.0 type=4 value=STRING: "A component of the system is operating outside its normal thresholds. Consult the Perimeta Operations and Maintenance Guide for more information."
SNMPv2-SMI::enterprises.19444.6.2.1.1.25.0 type=4 value=STRING: "The effect of this alarm is dependent on the statistic that triggered it."
SNMPv2-SMI::enterprises.19444.6.2.1.1.26.0 type=4 value=STRING: "The action to take to resolve this alarm depends on the statistic that triggered it, but it may clear naturally if the conditions driving the statistic subside. For further steps consult the Perimeta Operations and Maintenance Guide."
SNMPv2-SMI::enterprises.19444.6.2.1.1.27.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.28.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.29.0 type=2 value=INTEGER: 26627
SNMPv2-SMI::enterprises.19444.6.2.1.1.50.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.51.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.52.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.53.0 type=2 value=INTEGER: 105
SNMPv2-SMI::enterprises.19444.6.2.1.1.54.0 type=4 value=STRING: "4c4c4544-0044-4b10-8053-c2c04f573532"
SNMPv2-SMI::enterprises.19444.6.2.1.1.55.0 type=4 value=STRING: "DFSA-SBC-META01"
SNMPv2-SMI::enterprises.19444.6.2.1.1.56.0 type=4 value=STRING: "192.168.50.135"
SNMPv2-SMI::enterprises.19444.6.2.1.1.57.0 type=66 value=Gauge32: 67376384
SNMPv2-SMI::enterprises.19444.6.2.1.1.80.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.81.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.82.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.83.0 type=5 value=NULL
SNMPv2-SMI::enterprises.19444.6.2.1.1.84.0 type=66 value=Gauge32: 1624879006
SNMPv2-SMI::enterprises.19444.6.2.1.1.90.0 type=2 value=INTEGER: 1
Im try to split the lines that start whith "SNMPv2..." in a nested field with multiline but it doestn work because the pattern also is include in the "value" field
Someone have ideas
Note: The log is read from a file .log