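######
# Splunk includes file
#
# Maps the Splunk alert trap (enterprise OID below, specific-trap 9) onto
# ObjectServer event fields. Varbinds are used positionally:
#   $1 hostname, $2 username, $3 alert key, $4 alert message, $5 Splunk app,
#   $6 severity, $7 escalation, $8 Splunk search, $9 message.
# $RealHost / $RealUser are derived from $2 and only reach the DEBUG log;
# @Node is taken from $1 unchanged.
######
case ".1.2.3.4.5.6.7.8":
    switch($specific-trap) {
        case "9":
            ###-Splunk Alert
            $hostname     = $1
            $username     = $2
            $alertkey     = $3
            $alertmessage = $4
            $splunkapp    = $5
            $severity     = $6
            $escalation   = $7
            $splunksearch = $8
            $message      = $9

            @Node = $hostname

            # $2 appears to carry "<host> <user>" (leading token, then a
            # space-separated token) -- confirm against the Splunk alert
            # action config. Both values are informational only.
            $RealHost = extract($2, "^([A-Za-z0-9-]+)")
            $RealUser = extract($2, " ([A-Za-z0-9-]+)")
            log(DEBUG, "Splunk trap real node " + $RealHost + " by " + $RealUser)

            @AlertGroup        = $splunkapp
            @AlertKey          = $alertkey
            @Identifier        = @Node + " " + @AlertGroup + " " + @AlertKey
            @Summary           = $alertmessage
            @ServiceIdentifier = $escalation
            @MonitorModule     = "SPLUNK"

            # @Severity is an ObjectServer integer 0..5 and $6 is supplied by
            # the trap sender, so accept only a single digit in that range;
            # anything else is logged and replaced by 3 (Minor) rather than
            # written through unchecked.
            if (regmatch($severity, "^[0-5]$")) {
                @Severity = int($severity)
            } else {
                log(WARNING, "Splunk trap from " + $hostname + " carried invalid severity '" + $severity + "', defaulting to 3")
                @Severity = 3
            }

        default:
            # Unknown specific-trap for this enterprise: generic processing is
            # left to the base rules, but record it so that new Splunk trap
            # types are noticed instead of passing through silently.
            log(INFO, "Unhandled Splunk specific-trap " + $specific-trap)
    }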