SNMP Trap Input - snmp fields not useable in pipeline rules

HansWurst · January 9, 2020, 11:47am

Hello,

I am using the SNMP Trap Input from marketplace. Now I try to use fields from Trap in pipeline rules, but they are always empty.

No MIB file is used, so each message contains fields with snmp oids. For example oid 1.2.3 will be shown as field snmp_1_2_3. In search field, I see that field snmp_1_2_3 has a value. Field test_1 has value “ok”, so I know this rule fires. But field test_2 is empty / not set.

Using has_field(snmp_1_2_3) in when clause does also not work.

rule "test"
when
    true
then
    set_field("test_1", "ok");
    set_field("test_2", to_string($message.snmp_1_2_3));
end

Any ideas? THe Guthub projects seems not maintained and I dont have the skills to fix java code by myself.

shoothub · January 9, 2020, 1:14pm

If I were you, I would rather use:

Either logstash with snmptrap input plugin and send output to graylog
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmptrap.html
Or another tool, that is better capable of mange snmp-traps, some NMS like Zabbix, Iginca for example.

HansWurst · January 9, 2020, 1:34pm

Yes, logstash with snmp trap input and gelf output to graylog…
That sounds like a very good idea - thank you!

system · January 23, 2020, 1:34pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replace in extractor Graylog Central (peer support)	5	1402	December 4, 2017
3.1 pipeline help Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	2	742	September 6, 2019
Pipeline rule to extract key-value pair not working Graylog Central (peer support) pipeline-rules	20	1920	April 23, 2022
Pipeline - Field not showing Graylog Central (peer support)	7	1812	December 1, 2017
Unable to reference fields in pipeline rules Graylog Central (peer support) pipeline-rules	4	378	February 17, 2021

SNMP Trap Input - snmp fields not useable in pipeline rules

Related Topics