In DX NetOps Spectrum, traps received may contain complex string variables (such as almMsg/ OID 1.3.6.1.4.1.4310.1.20.3.13) that include carriage returns, hex-formatted characters, and multiple quotes. These extra characters clutter the Alarm Title in Spectrum Alarm View and Operational Intelligence (OI), making it difficult for technicians to identify the actual Alarm Cause. 


Example String: A typical complex variable string requiring parsing might look like this: DEVICE_A - \u000d\u000a STATUS_CRITICAL \u000d\u000a NODE_ID:99 \u000d\u000a DATA_SOURCE:\"FAN_FAILURE_ALARM\" \u000d\u000a; The extraction process isolates the text between the quotes—specifically "FAN_FAILURE_ALARM"—to be used as the clean Alarm Title.

DX NetOps Spectrum (All Versions)

Cause: The incoming trap data is provided as a single long string containing formatting characters and metadata. Standard AlertMap mappings pass the entire string to an event variable, which is then used as the Alarm Title without filtering.

Create an Event Procedure that uses the Regexp and GetRegexp functions to parse the variable and extract only the desired substring. In this scenario, the "Alarm Cause" is located between the second and third double-quotes in the string.

1. Identify the source event code. In this example a trap is mapped via the AlertMap file to EventID  0xfff0147aand has a varbind with the desired string mapped to variable113.
   
   example AlertMap entry
   

   # sysFacAlarm almUsr 1.3.6.1.4.1.4310.1.20.2.6.3 0xfff0147a 1.3.6.1.4.1.4310.1.20.3.1(101,0)\ # almType 1.3.6.1.4.1.4310.1.20.3.3(102,0)\ # almStatus 1.3.6.1.4.1.4310.1.20.3.2(103,0)\ # almLgclView 1.3.6.1.4.1.4310.1.20.3.4(104,0)\ # almPhysclView 1.3.6.1.4.1.4310.1.20.3.5(105,0)\ # almNeId 1.3.6.1.4.1.4310.1.20.3.6(106,0)\ # almTID 1.3.6.1.4.1.4310.1.20.3.7(6,0)\ # almSrvcAffct 1.3.6.1.4.1.4310.1.20.3.8(108,0)\ # almDateAndTime 1.3.6.1.4.1.4310.1.20.3.9(109,0)\ # almSev 1.3.6.1.4.1.4310.1.20.3.10(110,0)\ # almCondType 1.3.6.1.4.1.4310.1.20.3.11(111,0)\ # almLevel 1.3.6.1.4.1.4310.1.20.3.12(112,0)\ # almMsg 1.3.6.1.4.1.4310.1.20.3.13(113,0)\ # almSubNetworkId 1.3.6.1.4.1.4310.1.20.3.14(114,0)\ # almNeType 1.3.6.1.4.1.4310.1.20.3.15(115,0)\ # almCli 1.3.6.1.4.1.4310.1.20.3.16(116,0)\ # almCkt 1.3.6.1.4.1.4310.1.20.3.17(117,0)

   
   
   
   
2. Open the $SPECROOT/custom/Events/EventDisp file in a text editor.
   
   
3. Add an Event Procedure to extract the value and create a new event (e.g., 0xfff0147b):
   
   

   a. The Trigger and Event Creation

   The procedure begins by defining which event will trigger the code (0xfff0147a) and which new event will be created as a result (0xfff0147b).

   • CreateEventWithVariables: This function generates the new event on the current model and allows you to carry over or modify specific variables. Event Cause Extraction

   b. Variable Modification (SetEventVariable)

   • GetEventVariableList(): This retrieves the list of all variables from the original trap.
   • { U 118 }: This is the ID for the new variable where we will store the extracted "Alarm Cause."
   • SetEventVariable: This function takes the list of variables and updates or adds variable 118 with the result of our extraction logic. Extract IP Regexp

   c. The Conditional Logic (If and Regexp)

   Before extracting, the procedure checks if the pattern actually exists to avoid errors.

   • Regexp(...): This returns True if the pattern is found in the source variable ({ U 113 }).
   • If( Regexp(...), [True Action], [False Action] ):
     • If True: It runs the extraction (GetRegexp).
     • If False: It simply returns the original, unparsed string (GetEventVariable( { U 113 } ))

   0xfff0147a E 0 P " \     CreateEventWithVariables( \       { C CURRENT_MODEL }, \       { H 0xfff0147b }, \       SetEventVariable( \         GetEventVariableList(), \         { U 118 }, \         If( \           Regexp( GetEventVariable( { U 113 } ), { S \":\\\"([^\\\"]+)\\\"\" } ), \           GetRegexp( \             GetEventVariable( { U 113 } ), \             { S \":\\\"([^\\\"]+)\\\"\" }, \             { U 1 } \           ), \           GetEventVariable( { U 113 } ) \         ) \       ) \     ) "

4. The Extraction Logic (GetRegexp)

This is the core parsing function:

• GetRegexp( source, pattern, index ):
  • source: Variable { U 113 } containing the messy string.
  • pattern: { S \":\\\"([^\\\"]+)\\\"\" } (The regex looking for the colon and quotes).
  • index: { U 1 } tells Spectrum to return the first "capture group" (the text inside the parentheses ([^\\\"]+)). 
    
    

    Why Triple Backslash?

    When these layers are combined, the backslash itself must be escaped. To pass a single literal quote (") into a regex that is nested inside a string attribute, which is itself inside an Event Procedure, the syntax must be:

    1. \ (The first backslash) escapes the second backslash for the EventDisp parser.
    2. \ (The second backslash) escapes the third backslash for the Event Procedure logic.
    3. \" (The final backslash and quote) represents the literal quote that the Regular Expression engine will ultimately evaluate. Extract IP Regexp

    Without this "double escaping" (resulting in \\\"), the SpectroSERVER would fail to load the EventDisp file, or the regex engine would receive a broken pattern that terminates early.
    
    Doc: Use Regular Expressions

5. Save the file and ensure no trailing spaces exist after the backslashes (\).

6. Update the SpectroSERVER memory by clicking Update Event Configuration in the OneClick VNM model under the SpectroSERVER Control view.

Event Procedure Function Docs

Input Parameters
CreateEventWithVariables
SetEventVariable
GetEventVariableList
If
Regexp
GetRegexp
GetEventVariable