diff --git a/splunk_connect_for_snmp_poller/manager/hec_sender.py b/splunk_connect_for_snmp_poller/manager/hec_sender.py index 1429726..611193b 100644 --- a/splunk_connect_for_snmp_poller/manager/hec_sender.py +++ b/splunk_connect_for_snmp_poller/manager/hec_sender.py @@ -215,31 +215,33 @@ def extract_additional_properties(fields, metric_name, metric_value, server_conf for family in oid_families.keys(): if metric_name.startswith("sc4snmp." + family): stripped = metric_name[: metric_name.index("_")] - input_text = metric_name[metric_name.index("_") + 1 :] # noqa: E203 - entries = oid_families[family][enricher_additional_varbinds] - for entry in entries: - if "regex" in entry and "names" in entry: - regex = entry["regex"] - names = entry["names"] - names_list = names.split("/") - + entries = multi_key_lookup( + oid_families, (family, enricher_additional_varbinds) + ) + if entries: + regex_entries = [ + entry["regex"] for entry in entries if "regex" in entry + ] + for regex in regex_entries: result = re.match(regex, input_text) if result: any_regex_matched = True - for index, item in enumerate(names_list): - fields[item] = result.group(index + 1) + for key, value in result.groupdict().items(): + fields[key] = value.replace("_", ".") del fields["metric_name:" + metric_name] fields["metric_name:" + stripped] = metric_value - # TODO delete blow debug statement - fields["old_metric_name:" + metric_name] = metric_value - continue - - if not any_regex_matched: - fields["index_number"] = input_text - del fields["metric_name:" + metric_name] - fields["metric_name:" + stripped] = metric_value + break + break + + if not any_regex_matched: + stripped = metric_name[: metric_name.rindex("_")] + input_text = metric_name[metric_name.rindex("_") + 1 :] # noqa: E203 + + fields["index_number"] = input_text + del fields["metric_name:" + metric_name] + fields["metric_name:" + stripped] = metric_value def build_error_data( diff --git a/tests/test_additional_data_extraction.py b/tests/test_additional_data_extraction.py index 21fe00f..8721415 100644 --- a/tests/test_additional_data_extraction.py +++ b/tests/test_additional_data_extraction.py @@ -28,8 +28,7 @@ def test_data_extraction(self): "TCP-MIB": { "additionalVarBinds": [ { - "regex": "([0-9]+_[0-9]+_[0-9]+_[0-9]+)_([0-9]+)_([0-9]+_[0-9]+_[0-9]+_[0-9]+)_([0-9]+)", # noqa: E501 - "names": "IP_one/port/IP_two/index_number", + "regex": "(?P[0-9]+_[0-9]+_[0-9]+_[0-9]+)_(?P[0-9]+)_(?P[0-9]+_[0-9]+_[0-9]+_[0-9]+)_(?P[0-9]+)", # noqa: E501 } ] }, @@ -38,13 +37,11 @@ def test_data_extraction(self): {"ifDescr": "interface_desc"}, {"ifPhysAddress": "MAC_address"}, ], - "additionalVarBinds": [{"indexNum": "index_number"}], }, "UDP-MIB": { "additionalVarBinds": [ { - "regex": '(ipv4)_"([0-9]+_[0-9]+_[0-9]+_[0-9]+)"_([0-9]+)_(ipv4)_"([0-9]+_[0-9]+_[0-9]+_[0-9]+)"_([0-9]+)_([0-9]+)', # noqa: E501 - "names": "protocol_version_one/IP_one/port_one/protocol_version_two/IP_two/index_number/port_two", # noqa: E501 + "regex": '(?Pipv4)_"(?P[0-9]+_[0-9]+_[0-9]+_[0-9]+)"_(?P[0-9]+)_(?Pipv4)_"(?P[0-9]+_[0-9]+_[0-9]+_[0-9]+)"_(?P[0-9]+)_(?P[0-9]+)', # noqa: E501 } ] }, @@ -55,7 +52,7 @@ def test_data_extraction(self): fields = { "metric_name:sc4snmp.TCP-MIB.tcpConnLocalPort_192_168_0_1_161_127_0_0_1_5": "1111" } - fields2 = {"metric_name:sc4snmp.IF-MIB.ifInErrors_2": "173127"} + fields2 = {"metric_name:sc4snmp.IF-MIB.ifInErrors_2_1_asdad_23": "173127"} fields3 = { 'metric_name:sc4snmp.UDP-MIB.udpEndpointProcess_ipv4_"0_0_0_0"_111_ipv4_"0_0_0_0"_0_13348': "123" } @@ -68,7 +65,7 @@ def test_data_extraction(self): ) extract_additional_properties( - fields2, "sc4snmp.IF-MIB.ifInErrors_2", "173127", server_config + fields2, "sc4snmp.IF-MIB.ifInErrors_2_1_asdad_23", "173127", server_config ) extract_additional_properties( @@ -78,15 +75,17 @@ def test_data_extraction(self): server_config, ) - self.assertEqual(fields["IP_one"], "192_168_0_1") + self.assertEqual(fields["IP_one"], "192.168.0.1") self.assertEqual(fields["port"], "161") - self.assertEqual(fields["IP_two"], "127_0_0_1") + self.assertEqual(fields["IP_two"], "127.0.0.1") self.assertEqual(fields["index_number"], "5") + self.assertEqual(fields2["index_number"], "23") + self.assertEqual(fields3["protocol_version_one"], "ipv4") - self.assertEqual(fields3["IP_one"], "0_0_0_0") + self.assertEqual(fields3["IP_one"], "0.0.0.0") self.assertEqual(fields3["port_one"], "111") self.assertEqual(fields3["protocol_version_two"], "ipv4") - self.assertEqual(fields3["IP_two"], "0_0_0_0") + self.assertEqual(fields3["IP_two"], "0.0.0.0") self.assertEqual(fields3["index_number"], "0") self.assertEqual(fields3["port_two"], "13348")