Problem:
In Log Analyzer, it is not currently possible to search for a varbind name with a specific value. You can only search in the message as a whole.
Problem Example:
Take the trap below for example:
VARBINDS
sysUpTime (1.3.6.1.2.1.1.3.0)
13 days 16 hours 39 minutes 25.04 seconds
bgpPeerLastError.172.18.0.65 (1.3.6.1.2.1.15.3.1.14.172.18.0.65)
bgpPeerState.172.18.0.65 (1.3.6.1.2.1.15.3.1.2.172.18.0.65)
established(6)
cbgpPeerLastErrorTxt.172.18.0.65 (1.3.6.1.4.1.9.9.187.1.2.1.1.7.172.18.0.65)
empty value
cbgpPeerPrevState.172.18.0.65 (1.3.6.1.4.1.9.9.187.1.2.1.1.8.172.18.0.65)
openconfirm(5)
TrapType
CISCO-BGP4-MIB:cbgpFsmStateChange
If you wanted to look for the text "openconfirm(5)" in the varbind with name "cbgpPeerPrevState.172.18.0.65", you will not get results.
If the varbind name did not contain what I'll call an "instance" (the IP address after the period), this search would work. For example, if the varbind name was only "cbgpPeerPrevState", I believe this would work. Because there is an instance (in this case, the IP of a specific BGP peer) in the varbind name, you don't get results. You can't use "cbgpPeerPrevState" in your search because that is not the full varbind name.
I would not want to search the entire message for the value "openconfirm(5)" as that would potentially match too many things. I only care when that value appears in the specific varbind name.
Potential Solution:
Allow searching for a combination of varbind name and value when the varbind name contains an "instance".