Events being split for no apparent reason

Question

Events being split for no apparent reason

M-Bates opened this issue 7 months ago · comments

Some polls are being split into multiple events for an undetermined reason.
When split, data enrichment is not being added to all events, only the first.

The corresponding profile definition
Juniper_srx_spu: frequency: 120 condition: type: "field" field: "SNMPv2-MIB.sysDescr" patterns: #- "This will match nothing" - ".*Juniper.*srx.*" varBinds: # jnxJsSPUMonitoringObjectsEntry - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringFPCIndex"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringSPUIndex"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCPUUsage"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMemoryUsage"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentFlowSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxFlowSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentCPSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxCPSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringNodeIndex"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringNodeDescr"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringFlowSessIPv4"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCPSessIPv4"] # jnxSPUClusterObjectsTable - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsClusterMonitoringNodeIndex"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsClusterMonitoringNodeDescr"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeCurrentTotalSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeMaxTotalSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeSessionCreationPerSecond"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeSessCreationPerSecIPv4"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeCurrentTotalSessIPv4"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentTotalSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxTotalSession"] - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringTotalSessIPv4"]

ajasnosz · Answer 1 · Fri Nov 17 2023 21:41:06 GMT+0800 (China Standard Time)

Sc4snmp is grouping events by index that is provided by mibs. Enable appending index part and provide us the output, so we could look at how it's grouped. Instruction on how to do that can be found here.

Michael Bates · Answer 2 · Mon Nov 20 2023 11:09:17 GMT+0800 (China Standard Time)

Thanks. I can see where my understanding has been led awry with the representation in the MIB tool I have been using.
The 3 items in the separate event are actually at the parent level, and the main event is a combination of 2 tables within the parent level.