SNMP Trap enrichment:

Hi all,

We are trying to retrieve SNMP Trap information from multiple devices 1000+. The question now is how can we enrich the data per device is there a possible way off adding environment information.

[[processors.reverse_dns]]
field = “source”
dest = “source_name”

Than on the destination processor check if the dns contains a string and add a new tag.
[[processors…]]
field = “source_name”
regex_match = .env-name-xyz.
new_tag = “env=env.xyz”

[[processors…]]
field = “source_name”
regex_match = .env-name-yz.
new_tag = “env=env.yz”

Hope this is a bit clear and someone has a solution to this.

It looks like you have the snmp_trap input and the reverse_dns processor working already. The next steps you’re describing should be possible with a regex processor on the source_name field producing a new field (specified with regex’s result_key), and a converter processor to switch the new field to a tag.

You’ll end up with a chain: snmp_trap input -> reverse_dns processor -> regex processor -> converter processor -> output. The processor order is important so you’ll need to add an order setting on each processor. Here’s more information on setting order: https://github.com/influxdata/telegraf/blob/master/docs/CONFIGURATION.md#processor-plugins

You may want to add namepass to each processor so it only processes snmp_trap metrics and ignores everything else. https://github.com/influxdata/telegraf/blob/master/docs/CONFIGURATION.md#selectors

Hi Reimda,

Thanks for the links, just wanted to add in my working configuration for others to use.

Just one small other question is there a way to use external datasources to enrich the data with key:value pairs (labels)?

[[inputs.snmp_trap]]
service_address = “udp://:162”

[[processors.reverse_dns]]
order = 1
[[processors.reverse_dns.lookup]]
tag = “source”
dest = “host”

[[processors.regex]]
order = 2
[[processors.regex.tags]]
#look in key matching value
key = “host”
pattern = “.wan.company-name.net.
#value
replacement = “squad-name”
#key
result_key = “squad”