Events being split for no apparent reason

[M-Bates]

Some polls are being split into multiple events for an undetermined reason. When split, data enrichment is not being added to all events, only the first.

The corresponding profile definition ` Juniper_srx_spu: frequency: 120 condition: type: "field" field: "SNMPv2-MIB.sysDescr" patterns:

- "This will match nothing"

      - ".*Juniper.*srx.*"
  varBinds:
    # jnxJsSPUMonitoringObjectsEntry
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringFPCIndex"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringSPUIndex"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCPUUsage"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMemoryUsage"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentFlowSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxFlowSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentCPSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxCPSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringNodeIndex"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringNodeDescr"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringFlowSessIPv4"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCPSessIPv4"]
    # jnxSPUClusterObjectsTable
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsClusterMonitoringNodeIndex"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsClusterMonitoringNodeDescr"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeCurrentTotalSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeMaxTotalSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeSessionCreationPerSecond"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeSessCreationPerSecIPv4"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsNodeCurrentTotalSessIPv4"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringCurrentTotalSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringMaxTotalSession"]
    - ["JUNIPER-SRX5000-SPU-MONITORING-MIB","jnxJsSPUMonitoringTotalSessIPv4"]

`

[ajasnosz]

Sc4snmp is grouping events by index that is provided by mibs. Enable appending index part and provide us the output, so we could look at how it's grouped. Instruction on how to do that can be found here.

[M-Bates]

Thanks. I can see where my understanding has been led awry with the representation in the MIB tool I have been using. The 3 items in the separate event are actually at the parent level, and the main event is a combination of 2 tables within the parent level.