I've been using LLD filters to limit discovery and it's been working OK, but now I have a filter that I cannot figure out. I have the following discovery output (just a snippet):
I want to filter out the entries where SNMPINDEX's first element is not 5 digits (in above sample it's the second entry that should be removed). Should be easy right? I add following filter rule:
{#SNMPINDEX} matches ^\d{5}\.\d+$
The regex is valid and works (I verified) but nothing gets filtered out. I tried replacing \d{5} with \d\d\d\d\d, but it changes nothing. Any ideas?
Edit: I just tried matching nonsensical string and both 'matches' and 'does not match' and nothing ever gets filtered out. Seems like the filter has no effect no matter what. I am starting to suspect that filtering by {#SNMPINDEX} simply doesn't work.
Code:
{
"{#SNMPINDEX}": "38489.2",
"{#SEVERITY}": "20",
"{#EVALUATION}": "2"
},
{
"{#SNMPINDEX}": "300000003.1",
"{#SEVERITY}": "20",
"{#EVALUATION}": "2"
},
{#SNMPINDEX} matches ^\d{5}\.\d+$
The regex is valid and works (I verified) but nothing gets filtered out. I tried replacing \d{5} with \d\d\d\d\d, but it changes nothing. Any ideas?
Edit: I just tried matching nonsensical string and both 'matches' and 'does not match' and nothing ever gets filtered out. Seems like the filter has no effect no matter what. I am starting to suspect that filtering by {#SNMPINDEX} simply doesn't work.
Comment