Hello, hope you can help. I am receiving the below trap:
JUNIPER-IDP-MIB:jnxIdpSessionCountNotify : sysUpTime = 110 days 18 hours 35 minutes 56.86 seconds, jnxSyslogEventName.2535 = ESWD_MAC_LIMIT_DROP, jnxSyslogTimestamp.2535 = 17/02/2023 08:59:44, jnxSyslogSeverity.2535 = 2, jnxSyslogFacility.2535 = 4, jnxSyslogProcessId.2535 = 1364, jnxSyslogProcessName.2535 = eswd, jnxSyslogHostName.2535 = SWITCHNAME, jnxSyslogMessage.2535 = ESWD_MAC_LIMIT_DROP: MAC limit (1) exceeded at ge-2/0/18.0: dropping the packet from src a0:4c:fd:e7:d1:fc, snmpTrapEnterprise = JUNIPER-CHASSIS-DEFINES-MIB:jnxProductNameEX3300
How can I put "MAC limit (1) exceeded at ge-2/0/18.0: dropping the packet from src a0:4c:fd:e7:d1:fc" in the alert body only?
I tried these two options, but neither is working as expected:
###
${N=SWQL;M=SELECT SUBSTRING('${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}',
CHARINDEX('jnxSyslogMessage.2535 = ',)}
###
${SQL: SELECT SUBSTRING(${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage},CHARINDEX('jnxSyslogMessage.2535 = ', 45)}
###
E-mail alert returns this:
###
${N=SWQL;M=SELECT SUBSTRING('JUNIPER-IDP-MIB:jnxIdpSessionCountNotify : sysUpTime = 173 days 22 hours 35 minutes 49.45 seconds, jnxSyslogEventName.5795 = ESWD_MAC_LIMIT_DROP, jnxSyslogTimestamp.5795 = 17/02/2023 13:46:11, jnxSyslogSeverity.5795 = 2, jnxSyslogFacility.5795 = 4, jnxSyslogProcessId.5795 = 1355, jnxSyslogProcessName.5795 = eswd, jnxSyslogHostName.5795 = SQITCHNAME, jnxSyslogMessage.5795 = ESWD_MAC_LIMIT_DROP: MAC limit (2) exceeded at ge-4/0/44.0: dropping the packet from src 7c:57:58:66:b9:ad, snmpTrapEnterprise = JUNIPER-CHASSIS-DEFINES-MIB:jnxProductNameEX3300',
CHARINDEX('jnxSyslogMessage.2535 = ',)}
###
MACRO SQL ERROR - Incorrect syntax near 'MIB:'.
The label 'MIB' has already been declared. Label names must be unique within a query batch or stored procedure.
###
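An added example, not part of the original post: plain T-SQL that pulls the jnxSyslogMessage value out of trap text like the one quoted above, matching the varbind name without its numeric suffix because the two traps in the post carry different ones (.2535 and .5795). The sample string is constructed, the variable names are assumptions, and how the alerting macro passes the message into a query is not covered here.

```sql
-- Constructed sample: trap text shaped like the one in the post (uptime shortened).
DECLARE @msg nvarchar(max) =
    N'JUNIPER-IDP-MIB:jnxIdpSessionCountNotify : sysUpTime = 110 days, '
  + N'jnxSyslogEventName.2535 = ESWD_MAC_LIMIT_DROP, '
  + N'jnxSyslogHostName.2535 = SWITCHNAME, '
  + N'jnxSyslogMessage.2535 = ESWD_MAC_LIMIT_DROP: MAC limit (1) exceeded at '
  + N'ge-2/0/18.0: dropping the packet from src a0:4c:fd:e7:d1:fc, '
  + N'snmpTrapEnterprise = JUNIPER-CHASSIS-DEFINES-MIB:jnxProductNameEX3300';

-- Search for the varbind name only; a fixed suffix such as .2535 matches one trap.
DECLARE @keyPos int = CHARINDEX(N'jnxSyslogMessage.', @msg);

-- The first ' = ' at or after the name marks where the value begins.
DECLARE @eqPos int =
    CASE WHEN @keyPos > 0 THEN CHARINDEX(N' = ', @msg, @keyPos) ELSE 0 END;
DECLARE @valStart int = @eqPos + 3;

-- The value ends where the next varbind starts; in this sample that is
-- ', snmpTrapEnterprise'. If it is absent, take everything to the end.
DECLARE @valEnd int =
    CASE WHEN @eqPos > 0
         THEN CHARINDEX(N', snmpTrapEnterprise', @msg, @valStart)
         ELSE 0 END;
IF @valEnd = 0 SET @valEnd = LEN(@msg) + 1;

-- If the varbind is missing, keep the whole message rather than return nothing.
DECLARE @value nvarchar(max) =
    CASE WHEN @eqPos > 0
         THEN SUBSTRING(@msg, @valStart, @valEnd - @valStart)
         ELSE @msg END;

-- Drop the leading event tag ("ESWD_MAC_LIMIT_DROP: ") when one is present.
-- The colons inside the MAC address are not followed by a space, so the
-- first ': ' is the one after the tag.
DECLARE @tagEnd int = CHARINDEX(N': ', @value);

SELECT CASE WHEN @eqPos > 0 AND @tagEnd > 0
            THEN SUBSTRING(@value, @tagEnd + 2, LEN(@value))
            ELSE @value END AS AlertBody;
```

The second error in the post names `MIB` as a label, which is how T-SQL reads `MIB:` when trap text reaches the parser outside a string literal; keep the message inside a quoted literal or a parameter.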