Skip navigation

Product Blog

March 2018 Previous month Next month

SWQL Walkthrough

Posted by animelov Employee Mar 13, 2018

Hi, all!  And welcome back to our discussion on the SDK and all things SWQL. So, at this point, we’ve briefly introduced SWQL, but today we’re going to get down to building queries with SWQL and talk about what you can make with them.


But first, let’s discuss why this is important. The Orion® Platform does an excellent job of giving you a single-pane-of-glass view for all of your products, while giving you the freedom to pick and choose which modules you wish to purchase. Because of this, the back-end database is fairly segregated, save for a handful of canned widgets and reports. For database experts, this would be done by waving a magic wand and using the correct incantations of “Inner join!” or “Outer Join!”  For the rest of this, SWQL can do the trick!


Now, what this is NOT going to be is a general guide on structured query language (SQL). This does require some level of knowledge of how to construct a basic query, but don’t be scared off just yet.  SWQL, let alone SQL, is not something I knew before I started, but I picked up quite easily.


Also, before we begin, if you haven’t picked up the latest SWQL studio, I highly recommend you do so and check out our most recent post here. This can be installed anywhere that has an Orion server connection, including your laptop.


Now that that is out of the way, let’s get to the meat of the subject. SWQL, in and of itself, is very similar to SQL, but with a few restrictions. For example, SWQL and its studio is read-only. There are SWIS calls you can make with it for API/PowerShell®, but we’ll get into that in a later post. For a quick rundown, check out this post.


If I wanted to see a list of applications that I’m monitoring on my SAM instance, I could write a query that looks like this:

select Displayname from Orion.APM.Application


And I go to Query à Execute (or F5),


that will get me an output that looks like this:


Pretty simple, right?  Let’s look and see what this does, though:



“select” and “from” should be self-explanatory if you know a little SQL. “select” means we want to retrieve/read information, and “from” is stating which table we’re getting that information from.  Orion.APM.Application is the table name (so, we’re getting information “from” “Orion.APM.Application”), and “DisplayName” is the title of the column we’re getting that information from.  Now, where did we get that column name from?  If you look at SWQL studio and find the table name and expand on it, you’ll get this:



Those icons with the blue icons next to them? Those are the columns we can pick from. For the other icons, check out our previous post here.


Let’s add some more to that query. If we want to see the status of the applications (up/down/warning/etc.), we can just add the status to the query, like so:

select Displayname, Status from Orion.APM.Application


This will give us:


More info on the status values can be found here, but, 1 is up, 2 is down, etc.


Now, what if we wanted to select ALL of the columns in this table to see what we get. Unfortunately, this is one of the first things that differs from SQL to SWQL that you cannot wildcard with *.  In other words:


select * from <tablename> does NOT work!!!


If you want all columns, you’ll have to select each one of them, separated by a comma. Luckily, SWQL will do this for you. If you right-click on the table name, you have the option of creating a general select statement:

That will generate a query for you with EVERY column possible for that table.


Pretty neat, right? Now, let’s get to the fun part of SWQL. One of the attributes of SWQL over SQL is its ability to automatically link related tables. If you are familiar with SQL, this is where things would normally get hairy with inner/outer join statements. Here we make it easier.


Let’s use our application example again. Having the list of applications is great, but to me, it’s nothing unless I know which node it is tied to. There is a node id in that application table, but it returns a number, which means nothing to me.  Remember those chain link icons from earlier?  Those are linked tables, and if you look, there is a link to the Orion.Nodes table:



To get the linkage to work, we first need to give the application table an alias. To do so, I just need to give it a name after the table declaration.  So, let’s call it “OAA,” which is short for Orion APM Application. Note: you can name it anything EXCEPT for a reserved word, like “select” or “from.”

select Displayname, Status from Orion.APM.Application OAA


Now, we need to make sure our columns are referenced to OAA by adding that to the beginning of the column names:

select OAA.Displayname, OAA.Status from Orion.APM.Application OAA


Finally we add the node name.  We can do this with the linked table from earlier by using dot notation.  In other words, if I write in “OAA.Node.”, I’m now allowed to pick any column from the node table, including the name of the node (or “caption”).  Now my query looks like this:

select OAA.Displayname, OAA.Status, OAA.Node.Caption from Orion.APM.Application OAA


And now, this is my output:


This is where things get interesting. Remember how I said that we can tie multiple products together?  The AppStack dashboard with Virtualization Manager and Storage Resource Monitor is extremely powerful, especially in terms of reporting. SWQL can help us with that.


If we keep going with our Application example above, we can continue tying information together from other tables.  So far, we’ve linked the nodes table, but let’s see what ESX host these belong to. From the Applications table, there isn’t a link to any of the VIM tables:


But it is related to the “Nodes” table, and if we look at the Nodes table:

Then we go to the Virtual Machines table and from Virtual Machines table…

… there’s the Hosts table!  So, let’s link that to our query using dot notation:

select OAA.Displayname, OAA.Status, OAA.Node.Caption, OAA.Node.VirtualMachine.Host.HostName from Orion.APM.Application OAA


Note, the host names that are NULL refer to machines that are not monitored via Virtualization Manager; they do not have a host.


That’s it for now. Later, we’re going to learn some more tricks for formatting with SWQL, and then how to apply this to Orion®. Stayed tuned for the next one!

We are happy to announce the release of SolarWinds® Traceroute NG, a standalone free tool that finds network paths and measures their performance.

The original traceroute is one of the world’s most popular network troubleshooting tools but it works poorly in today’s networks. You can read about its shortfalls in this whitepaper.

SolarWinds® fixed these shortfalls with NetPath, a feature of NPM.  People love NetPath but there are two problems.  First, NetPath takes a couple minutes to find all possible paths in complex networks, much longer than a quick tool like traditional traceroute. Second, most people don’t own SolarWinds® NPM and so don’t have access to NetPath.

Traceroute is too important of a tool to allow it to languish.  That’s why we’ve taken what we’ve learned with NetPath and fixed traceroute.  We call it Traceroute NG.

Traceroute NG is a super fast way to get accurate performance results for a network path in a text format that’s easy to share.

Compared to traceroute, TracerouteNG is:

  • Super-fast
  • Rarely blocked by firewalls
  • More accurate, thanks to path control
  • Updates latency/loss continuously
  • Detects path changes
  • TCP or ICMP


You can download Traceroute NG here and launch the tool by double-clicking the traceng.exe.

You’ll be presented with a help screen and the application will wait for your input. Type the domain name to start a trace.


You can also launch the free tool from Windows command prompt:


Let’s look at some results.


Scenario 1: Endpoint is blocking TCP port

We all know that HTTP uses TCP 80 by default. What would traceroute show you if someone blocks that port on a firewall or webserver?

All good, it’s not the network. You know it’s not your issue. But what is the issue?  That’s where Traceroute NG will help:

Traceroute NG can mimic TCP application traffic, so packets are treated as the application traffic is. In this case it detected that port TCP 80 on the destination webserver is closed. You know, it’s not the network. But you can be more precise and tell your sysadmin to enable this port on his webserver.


Scenario #2: Network path change

To illustrate this scenario, I have created a simple network using GNS3.


I also have a loopback adapter configured, to point all IPv6 traffic to this lab:


I’d like to trace from my machine in Cloud1 to the PC (fc90::3). If the OSPF routing works, I should go through routers R1, R7 and R3. Traceroute confirms:


Traceroute NG as well:


What if I do maintenance on router R7? Will traceroute tell me, when router R7 becomes unavailable and detect the new path? No. It runs once and then you need to run it again. Manually.

With Traceroute NG, detecting a change is simple. You can tell Traceroute NG to warn you if the path changes and optionally log the output. An example command would be: -a warn -l -p 23 fc90::3

And this is the result:


So you know that your router is down and once you hit enter, Traceroute NG will show you the new path. In the GNS3 lab we expect the new path will go through R1, R5, R2 and R3. Traceroute NG confirms:


And the log file as well, showing you original path and the new path:

In this use case, we have leveraged several features of Traceroute NG. First, it runs continuously. Second, it detects, when a path is no longer available. Third, it can log results in a text format, that’s easy to share.

Now, enough boring reading, it’s time to try it out! You can download Traceroute NG here:


We’re super excited to share this tool with the world and hope you find it useful.  Let us know your thoughts!

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.