Pardon the sarcasm in the title as this "feature" is horrible from my point of view.
We have recently completed our server migration and upgrade (on 2019.4) !, as well as a new module install. As a good geek I was excited to dig into all of the new features. That is until I have to attempt to identify what happened before an issue. Local device logs weren't reachable due to the device being down so I hit up the syslog viewer in NPM as I have done countless times in the past. Now it wasn't pretty before, but it was functional. Now I can only browser thru 1000 syslog entries at a time. No I don't mean per page or I only had 1,000 entries in the database. Out of the 6,000+ syslog entries I had for the device in the given time frame I am only allowed to look at 1,000 of them. The only answer support has been able to give is "If I need more data look in the database." Sorry if I am mistaken, but that is at least part of why someone would purchase NPM, so there is a useful front end for all of the data in a database.
So enough of that rant for now, on to the questions.
Despite having users of NPM that know what the syslog messages mean, they are network engineers and shockingly don't know (or want to know) anything about SQL or SWQL, but yet those same users are now (per SolarWinds Support) expected to craft queries to get to the data that used to be very easy for them to get to.
Any suggestions to keep them from tar and feathering me?
Does anybody have any parameterized sql/swql scripts to allow for users to perform these searches without having to dig into sql?
Finally, what is SoalrWinds thinking, well i know what they are likely thinking (it seems a great way to get people to buy the full log and event manager product). However, this has made me start looking to replace SolarWinds in our environment.
Any suggestions for dealing with the fallout of this would be greatly appreciated.
