Trouble Mapping UPS SNMP Trap Fields in Event Management – Severity, Node, Type Not Populating

markdeloy
Tera Contributor

We're working on integrating UPS SNMP traps into ServiceNow Event Management (Yokohama release). The traps are coming in via MID Server and show up as events with Source = “Trap from Enterprise 318” and Resource = “APC.”

We’ve created a Transform and Enrich rule with a working script that extracts key fields from the additional_info object (fields like agent_address, enterprise, generic_trap, specific_trap, etc.).

However, even though the script logs show the parsing works, the event fields like node, type, and severity remain blank after the rule runs. These fields should be populated based on the parsed values, but it’s as if something is overwriting or ignoring them after transformation.

We’ve verified:

  • The Transform rule runs and logs values correctly

  • The additional_info fields are present and match expected patterns

  • Manual field setting via script works — just doesn’t persist

We’re wondering if this is:

  • A post-processing step that wipes those values?

  • A parser or correlation behavior overwriting the fields?

  • Related to field protection in Yokohama?

Has anyone seen similar behavior with SNMP traps or UPS integrations in Yokohama? Any advice or success stories would be hugely appreciated.

Thanks!
– Mark

1 REPLY 1

Vishal Jaswal
Giga Sage

Hello @markdeloy 

Start by looking at these field types. To begin with, choose severity and find out it's field type like integer. Then look at the script logic for severity as integer or not and if not then correct it. In the meantime, you can comment updating other fields which are showing blank. If you are able to fix the severity then proceed in the same fashion for other fields.


Hope that helps!