Incremental values in SNMP Logs


Hello!

I am receiving logs from SNMP, but the field names are incremental in nature, which have the same values as the incremental value. For example:

oid_hierarchy_value_1 = 1

oid_hierarchy_value_2 = 2

oid_hierarchy_value_3 = 3

How can I go about extracting these fields from the logs so that I can do chart sum, average, and so on?


1 comment

Rupsan Shrestha

Hello Sandesh,

The incremental values are the child object values under the same parent object.

You can use a query like:

| rex oid_hierarchy_value_\d+\s=\s(?P<object_id>\d+) | rename object_id as object_name | chart sum(object_name) by device_name

or

| rex oid_hierarchy_value_(?P<object_id>\d+) | rename object_id as object_name | chart avg(object_name) by device_name

You can extract the required value through rex or norm lookup. Then use it as per your requirement in the form of sum, average, count, max, min and so on.
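The extract-then-aggregate flow from the answer above, reproduced offline as an added example that is not part of the original post or of the product's own tooling. The log line layout, the `device_name = ...` key format and the sample values are constructed assumptions; non-numeric SNMP values are skipped so they do not distort the sum or average.

```python
import re
from collections import defaultdict

# Matches fields such as "oid_hierarchy_value_3 = 3": the numeric suffix of the
# field name and the value are captured separately.
OID_FIELD = re.compile(r"oid_hierarchy_value_(?P<index>\d+)\s*=\s*(?P<value>\S+)")
DEVICE = re.compile(r"device_name\s*=\s*(?P<device>\S+)")
NUMERIC = re.compile(r"-?\d+(?:\.\d+)?")

# Constructed sample lines (assumed layout, not taken from a real device).
SAMPLE_LOGS = [
    "device_name = sw-core-01 oid_hierarchy_value_1 = 1 "
    "oid_hierarchy_value_2 = 2 oid_hierarchy_value_3 = 3",
    "device_name = sw-core-01 oid_hierarchy_value_1 = 4",
    "device_name = fw-edge-02 oid_hierarchy_value_1 = 10 "
    "oid_hierarchy_value_2 = ifInOctets",
    "oid_hierarchy_value_1 = 7",  # no device_name field present
]


def extract(line):
    """Return (device, numeric values) for one log line."""
    match = DEVICE.search(line)
    device = match.group("device") if match else "unknown"
    values = [
        float(field.group("value"))
        for field in OID_FIELD.finditer(line)
        if NUMERIC.fullmatch(field.group("value"))  # drop string-typed values
    ]
    return device, values


def chart_by_device(lines):
    """Aggregate extracted values per device: count, sum, avg, min, max."""
    buckets = defaultdict(list)
    for line in lines:
        device, values = extract(line)
        buckets[device].extend(values)
    return {
        device: {"count": len(v), "sum": sum(v), "avg": sum(v) / len(v),
                 "min": min(v), "max": max(v)}
        for device, v in buckets.items() if v
    }


if __name__ == "__main__":
    for device, stats in sorted(chart_by_device(SAMPLE_LOGS).items()):
        print(device, stats)
```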
