Getting Data In

SNMPv2 WMI Input Error Splunk 8.2.5/Windows 2019

galaxis
Observer

Hello!  Wanted to ask if anyone has experience with receiving SNMPv2 trap alerts in Splunk 8.2.5 (Win 2019)?  Background: we have an environment monitor device that sends high/low temperature alerts to the local SNMP Trap svc, from there picked up by a generic WMI SNMP provider, from which Splunk pulls the data.  

"wmi.conf":

[WMI:SNMP]
namespace = \\.\root\snmp\localhost
interval = 10
wql = SELECT * FROM SnmpNotification
disabled = 0
index = snmpindex
current_only = 1

Problem we're running into is that when the data is ingested, Splunk has an issue translating the "VarBindList" object it gets from WMI, containing the SNMP variable binding ("varbind") info that describes the SNMP trap alert from the device (ticks, OID, text msg of what alert was tripped).  

Sample Splunk search result from "snmpindex":
(see: VarBindList=<unknown variant result type 8205> below):

20241007120551.314854
AgentAddress=10.2.13.19
AgentTransportAddress=10.2.13.19
AgentTransportProtocol=IP
Community=alispub
Identification=1.3.6.1.4.1.20916.1.13.2.1
SECURITY_DESCRIPTOR=NULL
TIME_CREATED=133727763449700336
TimeStamp=1894
VarBindList=<unknown variant result type 8205>
wmi_type=SNMP
host=MS source=WMI:SNMP sourcetype=WMI:SNMP

Been trying various Splunk configs/transforms, XML, etc. but all are basically contingent on getting good data into "_raw", and "_raw" col just has that msg.  Our RoomAlert3S device we need to upgrade to only sends SNMPv2 or v3.  Everything seems to work fine when the trap is v1 (from past behavior/our test util).

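Added example, not part of the original post: a Python script that scans an event for the `<unknown variant result type N>` placeholder and decodes N with the COM VARENUM constants from the Windows SDK. 8205 is 0x200D, which is VT_ARRAY|VT_UNKNOWN, an array of COM object references rather than a string. The function names are illustrative, and the sample event reuses lines from the event shown in the post.

```python
import re

# VARENUM base types and modifier flags (Windows SDK, wtypes.h).
VT_BASE = {0: "VT_EMPTY", 1: "VT_NULL", 2: "VT_I2", 3: "VT_I4", 4: "VT_R4",
           5: "VT_R8", 8: "VT_BSTR", 9: "VT_DISPATCH", 11: "VT_BOOL",
           12: "VT_VARIANT", 13: "VT_UNKNOWN", 17: "VT_UI1", 19: "VT_UI4"}
VT_FLAGS = {0x1000: "VT_VECTOR", 0x2000: "VT_ARRAY", 0x4000: "VT_BYREF"}
VT_TYPEMASK = 0x0FFF

PLACEHOLDER = re.compile(r"^<unknown variant result type (\d+)>$")

# Sample input: lines reused from the event in the post.
SAMPLE_EVENT = """\
20241007120551.314854
AgentAddress=10.2.13.19
Community=alispub
Identification=1.3.6.1.4.1.20916.1.13.2.1
TimeStamp=1894
VarBindList=<unknown variant result type 8205>
wmi_type=SNMP
"""

def decode_vartype(vt):
    """Split a VARTYPE number into its modifier flags and base type."""
    names = [name for bit, name in VT_FLAGS.items() if vt & bit]
    base = vt & VT_TYPEMASK
    names.append(VT_BASE.get(base, f"base type {base}"))
    return "|".join(names)

def parse_event(raw):
    """Parse key=value lines; lines without '=' (the timestamp) are skipped."""
    fields = {}
    for line in raw.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def unrendered_fields(raw):
    """Return {field: decoded VARTYPE} for every value that was not rendered."""
    found = {}
    for key, value in parse_event(raw).items():
        match = PLACEHOLDER.match(value)
        if match:
            found[key] = decode_vartype(int(match.group(1)))
    return found

if __name__ == "__main__":
    print(unrendered_fields(SAMPLE_EVENT))
```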