---

Subject:	comment the last two lines
Author:	Andrew Kirch
Posted:	2015-08-24 14:32

print evt.severity at the beginning, and comment the last two lines and tell me what you get.

Andrew Kirch

akirch@gvit.com

Need Zenoss support, consulting or custom development Look no further. Email or PM me!

Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard

---

Subject:	ok I commented out the
Author:	[Not Specified]
Posted:	2015-08-24 14:48

ok I commented out the following lines:

#Splunk Serverity Code
if getattr(evt, 'severity', 5):
evt.severity_splunk = 'fatal'
if getattr(evt, 'severity', 4):
evt.severity_splunk = 'error'
if getattr(evt, 'severity', 3):
evt.severity_splunk = 'warn'
#if getattr(evt, 'severity', 2):
# evt.severity_splunk = 'info'
#if getattr(evt, 'severity', 1):
# evt.severity_splunk = 'debug'

now all events get assigned a evt.severity_splunk of "warn". Still seems to be taking the last line of the transform and setting the severity_splunk level.

---

Subject:	what's the value of evt
Author:	Andrew Kirch
Posted:	2015-08-26 14:29

what's the value of evt.severity Is this a string/integer issue try printing it before the transform runs and look at zenactiond.log

Andrew Kirch

akirch@gvit.com

Need Zenoss support, consulting or custom development Look no further. Email or PM me!

Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard

---

Subject:	Your original way didn't work
Author:	Jim R
Posted:	2015-09-02 11:29

Your original way didn't work because you were only getting the value of the attribute, not actually checking it's value.
if getattr(evt, 'severity', 1) would always return true, since it would return 1 if severity was not an attribute on evt.

You could make it a little cleaner by creating a dictionary and returning the value from it:

splunkSev={5:'fatal',4:'error',3:'warn',2:'info',1:'debug',0:clear}
evt.severity_splunk=splunkSev.get(int(evt.severity),'UNKNOWN')