OK, I've pored over the threads available here at thwack that explain different methods to trigger an alert and clear that alert when the corresponding trap comes in. I have an example that is slightly different from others I've seen here, and I'd like to get some help with it.
Scenario - another monitoring tool (HP BSM) sends a trap as an action when an alert condition is raised:
11/29/2016 8:08:20 AM 10.10.10.10 pwbsmdps02 public SNMPv2-SMI:enterprises.5233.4.0.1 snmpTrapEnterprise = SNMPv2-SMI:enterprises.5233.4
experimental.1057.1.0 = 10.10.10.10
sysUpTime = 226 days 5 hours 16 minutes 34.05 seconds
snmpTrapOID = SNMPv2-SMI:enterprises.5233.4.0.1
enterprises.5233.4.10 = Business Transaction Flow:LMS;transaction:LMS_003_Auth;
enterprises.5233.4.9 = d4aec8817ec54e330fcc047bac0890ea
enterprises.5233.4.8 = N/A
enterprises.5233.4.7 = Response time for 2 out of 3 transactions was greater than 8.00 seconds.;
enterprises.5233.4.6 = For Business Transaction Flow "LMS", transaction "LMS_003_Auth". Response time for 2 out of 3 transactions greater than 8.00 seconds.;
enterprises.5233.4.5 = Major
enterprises.5233.4.4 = 33dcb5b068c72fdb8779050b29df5c2c
enterprises.5233.4.3 = Regular Alert
enterprises.5233.4.2 = ITO: LMS Performance Alerts
enterprises.5233.4.1 = LMS
It also will send a corresponding clear trap when the alert clears:
1/29/2016 8:29:38 AM 10.10.10.10 pwbsmdps02 public SNMPv2-SMI:enterprises.5233.4.0.1 snmpTrapEnterprise = SNMPv2-SMI:enterprises.5233.4
experimental.1057.1.0 = 10.10.10.10
sysUpTime = 226 days 5 hours 16 minutes 34.05 seconds
snmpTrapOID = SNMPv2-SMI:enterprises.5233.4.0.1
enterprises.5233.4.10 = Business Transaction Flow:LMS;transaction:LMS_003_Auth;
enterprises.5233.4.9 = d4aec8817ec54e330fcc047bac0890ea
enterprises.5233.4.8 = N/A
enterprises.5233.4.7 = Response time for 1 out of 3 transactions was greater than 8.00 seconds.;
enterprises.5233.4.6 = For Business Transaction Flow "LMS", transaction "LMS_003_Auth". Response time for 2 out of 3 transactions greater than 8.00 seconds.;
enterprises.5233.4.5 = Informational
enterprises.5233.4.4 = 33dcb5b068c72fdb8779050b29df5c2c
enterprises.5233.4.3 = Follow Up Alert
enterprises.5233.4.2 = ITO: LMS Performance Alerts
enterprises.5233.4.1 = LMS
The traps always come from the same IP/Hostname: 10.10.10.10/pwbsmdps02
So in following other examples here, I created two rules in the trap viewer:
BSM Alert:
BSM Clear:
Note: ${vbData4} contains the unique alert identifier, which is why I chose it to correlate the events. I verified in the Trap Viewer that new traps are colored properly.
Next, I created a new Alert in NPM:
Trigger:
Reset:
Now here is where I am stuck... I would like to pull this varbind from the specific trap and put it into the Message displayed when this alert is triggered:
enterprises.5233.4.6 = For Business Transaction Flow "LMS", transaction "LMS_003_Auth". Response time for 2 out of 3 transactions greater than 8.00 seconds.;
Is this even possible?!
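The correlation described in the post, sketched outside Orion as an added example (not part of the original post and not SolarWinds code): it pairs an alert trap with its clear trap by a shared identifier varbind and carries the enterprises.5233.4.6 text along as the alert message. Assumptions: the post does not say which OID ${vbData4} maps to, so enterprises.5233.4.4 is used as the correlation key, and the alert/clear distinction is taken from enterprises.5233.4.3; the function names are hypothetical.

```python
import re

P = "enterprises.5233.4."
# Assumption: .4 is the correlation id (the post only names ${vbData4}).
KEY_OID, TYPE_OID, MSG_OID = P + "4", P + "3", P + "6"

# Constructed input: the post's two traps, trimmed to the varbinds used here.
ALERT_TRAP = """\
enterprises.5233.4.6 = For Business Transaction Flow "LMS", transaction "LMS_003_Auth". Response time for 2 out of 3 transactions greater than 8.00 seconds.;
enterprises.5233.4.5 = Major
enterprises.5233.4.4 = 33dcb5b068c72fdb8779050b29df5c2c
enterprises.5233.4.3 = Regular Alert
"""
CLEAR_TRAP = (ALERT_TRAP.replace("Major", "Informational")
              .replace("Regular Alert", "Follow Up Alert"))


def parse_varbinds(text):
    """Return {oid: value} for each 'oid = value' line of a trap dump."""
    binds = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+=\s+(.*)$", line)
        if m:
            binds[m.group(1)] = m.group(2).strip()
    return binds


def correlate(traps):
    """Process traps in arrival order; return (open_alerts, events)."""
    open_alerts, events = {}, []
    for text in traps:
        vb = parse_varbinds(text)
        key, kind = vb.get(KEY_OID), vb.get(TYPE_OID)
        if key is None:
            events.append(("ignored", None, "no correlation id"))
        elif kind == "Regular Alert":
            # A repeated trigger for the same id refreshes the message.
            open_alerts[key] = vb.get(MSG_OID, "")
            events.append(("triggered", key, open_alerts[key]))
        elif kind == "Follow Up Alert" and key in open_alerts:
            events.append(("reset", key, open_alerts.pop(key)))
        elif kind == "Follow Up Alert":
            # Clear with no matching trigger: surface it, do not drop it.
            events.append(("orphan-clear", key, vb.get(MSG_OID, "")))
        else:
            events.append(("ignored", key, "unknown alert type"))
    return open_alerts, events


if __name__ == "__main__":
    for event in correlate([ALERT_TRAP, CLEAR_TRAP])[1]:
        print(event)
```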