Event messages, possible to do text conversion or IP to DNS lookup?

Started by Millenium7, October 28, 2020, 07:57:54 AM

Millenium7

At the moment I'm using the Syslog Parser to notify us via Slack of certain syslog messages, such as OSPF neighbor state changes (if there's a better way I'm all ears)
The process is Syslog Parser -> Event template -> Event processing policy -> Slack message

The Syslog Parser looks like this
*OSPF State change* %1 from %2 to %3 -> Generate Event

The event template consists of this
*OSPF State change* %1 from %2 to %3

Event processing is
Condition: Event
Action: Server Action - SLACK

SLACK alert is
curl -d 'payload={"attachments": [{"color": "#8c8c8c","text": "%n - %m %M"}]}' -X PUT [URL HIDDEN]


Net result is a Syslog message originated on the router starts off like this
route,ospf,info OSPFv2 neighbor 2.2.2.2: state change from Full to Down
and then in Slack it appears like this
RouterA | 1.1.1.1 - OSPF State change 2.2.2.2 from Full to Down

I have a script that runs and changes the hostname of all NetXMS hosts to their Syslog name and their IP address, so the first part of 'RouterA | 1.1.1.1' is very easy to read and show which device originated the SysLog message
The second part of '2.2.2.2' is not so easy because nobody knows off the top of their head which router 2.2.2.2 is
So I want to do some text replacement. Is it possible anywhere along this chain of events to take the text of %1 (which is 2.2.2.2 in this example) and then do a lookup, find the hostname of 2.2.2.2 and replace it with i.e. 'RouterB | 2.2.2.2' so that it's far more human readable?

I'm thinking it might be possible to change the event processing policy to instead run a script, and then the script executes the server action
However I'd need some help with that process as I'm not overly familiar with NetXMS scripting language and operations

Alternatively, is there an online service such as Zapier that is well suited for parsing text and changing it, so that I can keep NetXMS as it is but instead of sending directly to Slack it sends to the interpreter service, then that sends the finalized message to Slack? I'm just not aware of a service specifically built for this

Filipp Sudanov

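Make a script in script library, e.g. GetNodeName:
// Returns the name of the node whose primary IP equals event parameter 1,
// or an empty string when no node matches.
r = "";
for (n : GetAllNodes())
{
  // $event is the event being processed; parameter 1 holds the neighbor IP
  if (n->ipAddr == $event->parameters[1])
  {
    r = n->name;
    break;
  }
}
return r;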


In event template call it like this:
*OSPF State change* %[GetNodeName] %1 from %2 to %3

The script will be called in the context of the event, so the first parameter of the event where you have the IP address will be available there.

Millenium7

Edit: Never mind, post removed

I thought your syntax was incorrect, but I was using it wrong. I was trying to first test with 'Execute Server Script' and parsing a variable to it then using $1 instead of $event->parameters[1] and that worked in that context, but not in Event message

Your syntax is correct and it works fine

Thank You!
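
An added example, not part of the thread and not NetXMS code: a stand-alone Python version of the external rewrite step asked about in the first post. It does the same IP-to-name lookup as the GetNodeName script and builds the Slack payload with a JSON serializer, so quotes or Slack control characters in syslog text cannot alter the payload. The inventory dictionary, function names and sample messages are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed inventory (router ID -> node name); assumed to be exported from NetXMS.
INVENTORY = {"1.1.1.1": "RouterA", "2.2.2.2": "RouterB"}

# Matches the event message produced by the thread's event template.
OSPF_RE = re.compile(r"OSPF State change (\S+) from \w+ to \w+")

def enrich(message, inventory=INVENTORY):
    """Replace the neighbor IP with 'Name | IP'; return the input unchanged otherwise."""
    m = OSPF_RE.search(message)
    if not m:
        return message
    try:
        # Syslog content is untrusted: accept the field only if it parses as an IP.
        ip = str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return message
    name = inventory.get(ip)
    if name is None:
        return message
    return f"{message[:m.start(1)]}{name} | {ip}{message[m.end(1):]}"

def slack_escape(text):
    """Escape the three characters Slack treats as control characters (& first)."""
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def slack_payload(source, message):
    """Build the webhook JSON body; json.dumps handles quotes and control bytes."""
    text = slack_escape(f"{source} - {enrich(message)}")
    return json.dumps({"attachments": [{"color": "#8c8c8c", "text": text}]})

if __name__ == "__main__":
    # Constructed sample matching the message shown in the thread.
    print(slack_payload("RouterA | 1.1.1.1",
                        "OSPF State change 2.2.2.2 from Full to Down"))
```

The resulting string can be sent as the request body (for example with curl's `--data-binary @-` reading from stdin) instead of being interpolated into a quoted shell argument.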