Valued Contributor
Re: Enrichment of NNM Incident queries

Hi Ramesh,

 

   What i have understand through this file is :

 

1. .1.3.6.1.4.1.13567.3.4.1 is coming as a trap with values of .1.3.6.1.4.1.13567.3.4.1.1.11.0 and .1.3.6.1.4.1.13567.3.4.1.1.1.0.

 

2. Now you want to enrich so as to see the Event Type in the Message Text and Severity set accordingly.

 

So, the solution for above is that open the SNMP Trap which is of .1.3.6.1.4.1.13567.3.4.1.  Go to Enrichment Tab, create new type, set the category " fault ", family  " Node ", and Severity  " as per your requirement  ". After that set any priority accordingly and Correaltion nature as " None ".

 

After completeing all these things, in the Message Text, type $.1.3.6.1.4.1.13567.3.4.1 or you can also use $.1.3.6.1.4.1.13567.3.4.1.1.11.0.  After that go to payload Filters, create new, enter accordingly

 

ciaName  =  .1.3.6.1.4.1.13567.3.4.1.1.11.0 AND ciaValue  =  < Value you want to see >  AND ciaName  =  .1.3.6.1.4.1.13567.3.4.1.1.1.0. AND ciaValue  =  < Value you want to use >

 

In the above filters, this OID becomes visible in the console as events when there is a match. Suppose, you have configured, one for critical, one for warning. And suppose when the Event type called IPS comes as Critical, then this creates an event. Same for all others like what you have configured in the payload filters.

 

It is good to have a word with the network team that which Event is important and critical. After that you create the payload filters accordingly and set the Severity Critical for this Event Enrichment.

 

Regards,

Vik

 

Please Appreciate by hitting Kudos.