Trouble Mapping UPS SNMP Trap Fields in Event Management – Severity, Node, Type Not Populating
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2025 07:59 AM
We're working on integrating UPS SNMP traps into ServiceNow Event Management (Yokohama release). The traps are coming in via MID Server and show up as events with Source = “Trap from Enterprise 318” and Resource = “APC.”
We’ve created a Transform and Enrich rule with a working script that extracts key fields from the additional_info object (fields like agent_address, enterprise, generic_trap, specific_trap, etc.).
However, even though the script logs show the parsing works, the event fields like node, type, and severity remain blank after the rule runs. These fields should be populated based on the parsed values, but it’s as if something is overwriting or ignoring them after transformation.
We’ve verified:
The Transform rule runs and logs values correctly
The additional_info fields are present and match expected patterns
Manual field setting via script works — just doesn’t persist
We’re wondering if this is:
A post-processing step that wipes those values?
A parser or correlation behavior overwriting the fields?
Related to field protection in Yokohama?
Has anyone seen similar behavior with SNMP traps or UPS integrations in Yokohama? Any advice or success stories would be hugely appreciated.
Thanks!
– Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2025 08:49 AM
Hello @markdeloy
Start by looking at these field types. To begin with, choose severity and find out it's field type like integer. Then look at the script logic for severity as integer or not and if not then correct it. In the meantime, you can comment updating other fields which are showing blank. If you are able to fix the severity then proceed in the same fashion for other fields.
Hope that helps!