SNMP Trap enrichment:

Hi all,

We are trying to retrieve SNMP Trap information from 1000+ devices. The question now is how we can enrich the data per device; is there a possible way of adding environment information?

```toml
# reverse_dns lookup (section headers reconstructed from the plugin named in the reply)
[[processors.reverse_dns]]
  [[processors.reverse_dns.lookup]]
    field = "source"
    dest = "source_name"
```

Then, in the destination processor, check whether the DNS name contains a string and add a new tag (pseudo-configuration describing the intent):
```
field = "source_name"
regex_match = ".env-name-xyz."
new_tag = ""

field = "source_name"
regex_match = ".env-name-yz."
new_tag = "env=env.yz"
```

Hope this is clear and that someone has a solution to this.

It looks like you have the snmp_trap input and the reverse_dns processor working already. The next steps you’re describing should be possible with a regex processor on the source_name field producing a new field (specified with regex’s result_key), and a converter processor to switch the new field to a tag.

You’ll end up with a chain: snmp_trap input -> reverse_dns processor -> regex processor -> converter processor -> output. The processor order is important so you’ll need to add an order setting on each processor. Here’s more information on setting order:

You may want to add namepass to each processor so it only processes snmp_trap metrics and ignores everything else.
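The chain described above, written out as a complete Telegraf configuration. This is an added example, not a config from the original thread or from the Telegraf project; it assumes the resolved hostnames look like `host01.env-name-xyz.example.net`, takes the environment names `env-name-xyz` / `env-name-yz` from the question, and uses a stdout file output only so the result can be inspected. Because `snmp_trap` emits the sender address as the `source` tag, the lookup here resolves tag to tag and the regex rules write the `env` tag directly; the converter step is only needed if you resolve into a field instead, so it is shown commented out.

```toml
# Added example: snmp_trap -> reverse_dns -> regex -> output, with explicit
# processor order and namepass so only snmp_trap metrics are touched.
# Assumed hostnames: host01.env-name-xyz.example.net / host02.env-name-yz.example.net

[agent]
  interval = "10s"
  flush_interval = "10s"

[[inputs.snmp_trap]]
  # Traps from the 1000+ devices arrive here; the sender IP becomes the "source" tag.
  service_address = "udp://:162"

[[processors.reverse_dns]]
  order = 1
  namepass = ["snmp_trap"]
  cache_ttl = "24h"        # resolve each device once a day, not once per trap
  lookup_timeout = "3s"    # a slow resolver must not stall trap processing
  [[processors.reverse_dns.lookup]]
    tag = "source"         # "source" is a tag on snmp_trap metrics, so resolve tag -> tag
    dest = "source_name"

[[processors.regex]]
  order = 2
  namepass = ["snmp_trap"]
  # Each rule matches the whole hostname and emits a new "env" tag via result_key;
  # a rule whose pattern does not match adds nothing, so unmatched hosts get no env tag.
  [[processors.regex.tags]]
    key = "source_name"
    pattern = '.*\.env-name-xyz\..*'
    replacement = "xyz"
    result_key = "env"
  [[processors.regex.tags]]
    key = "source_name"
    pattern = '.*\.env-name-yz\..*'
    replacement = "yz"
    result_key = "env"

# Only needed if the lookup wrote a *field* (field = "source" / dest = "source_name")
# and the regex rule was a [[processors.regex.fields]] rule: converter turns the
# resulting "env" field into a tag.
# [[processors.converter]]
#   order = 3
#   namepass = ["snmp_trap"]
#   [processors.converter.fields]
#     tag = ["env"]

[[outputs.file]]
  files = ["stdout"]
  data_format = "influx"
```

Start `telegraf --config snmp_trap.conf`, send a trap from a host whose reverse record contains `env-name-xyz`, and the line printed on stdout should carry `env=xyz` alongside `source` and `source_name`. The patterns are anchored to the dotted labels (`\.env-name-yz\.`) so that the shorter name does not also match hosts in the `env-name-xyz` environment.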

Hi Reimda,

Thanks for the links. I just wanted to add my working configuration for others to use.

Just one other small question: is there a way to use external data sources to enrich the data with key:value pairs (labels)?

```toml
# section headers reconstructed from the plugin names in the reply above
[[inputs.snmp_trap]]
  service_address = "udp://:162"

[[processors.reverse_dns]]
  order = 1
  [[processors.reverse_dns.lookup]]
    tag = "source"
    dest = "host"

[[processors.regex]]
  order = 2
  # look in key matching value
  [[processors.regex.tags]]
    key = "host"
    pattern = "
    replacement = "squad-name"
    result_key = "squad"
```