I have an SNMP trap that I'm trying to extract two fields from one string with a comma in the middle, but I'm getting no output from the segment of a field extraction for the comma separated pair of values.
The input includes (from raw_) {1.3.6.1.4.1.1482.20.1.2.1.4.1.5.21914:Board 3, Port 1, TS 0.0.0.0:1235}
So I want to output "Board 3" and "Port 1" in two Fields called **Board** and **Port**
When I use
| rex field=raw_ "1\.3\.6\.1\.4\.1\.1482\.20\.1\.2\.1\.4\.1\.5\.\d+:(?P\w+\d+\s+),(?\w+\d+\s+)}" | table _time, Board, Port
I get nothing for the fields Board or Port in the output. I've no issues with getting a bunch of other fields from this trap, but this one escapes me....
↧