From 732058d81b1008abf5cfda243d14dcbb20365b68 Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk <rfaircloth@splunk.com>
Date: Thu, 4 Feb 2021 07:03:39 -0500
Subject: [PATCH] feat(props): Add snmp traps

---
 package/default/props.conf      | 12 ++++++++++++
 package/default/transforms.conf |  2 ++
 2 files changed, 14 insertions(+)
 create mode 100644 package/default/props.conf
 create mode 100644 package/default/transforms.conf

diff --git a/package/default/props.conf b/package/default/props.conf
new file mode 100644
index 0000000..54da059
--- /dev/null
+++ b/package/default/props.conf
@@ -0,0 +1,12 @@
+[sc4snmp:traps]
+pulldown_type = 0
+NO_BINARY_CHECK = 1
+SHOULD_LINEMERGE = false
+KV_MODE = NONE
+LEARN_SOURCETYPE = false
+LEARN_MODEL = false
+ANNOTATE_PUNCT = false
+
+DATETIME_CONFIG=CURRENT
+
+REPORT-fields = ta_sc4snmp_trap
\ No newline at end of file
diff --git a/package/default/transforms.conf b/package/default/transforms.conf
new file mode 100644
index 0000000..704cd3e
--- /dev/null
+++ b/package/default/transforms.conf
@@ -0,0 +1,2 @@
+[ta_sc4snmp_trap]
+REGEX = (?:^| )(?<_KEY_1>[^=]*)=(?! )(?<_VAL_1>.+?)(?=(?: [^ ]*(?<!\\)=|$))
\ No newline at end of file