Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

create a query for specific events

I am trying to create an ndepth query that will filter for specific events with the following rules:

if the event came from the application log of "ServerA" or "ServerB" and the event data logged contains "The remote server returned an error: (530) Not logged in." or "FTP Error - Retrying"

I want to eventually turn this into a rule that will alert some support people, but want to make sure that I get the appropriate events first. How do I build this?

Find more posts tagged with

sam12345

Accepted answers

All comments

quasar

If ServerA & ServerB are machines with agents, define them as the InsertionIP. Use an OR statement to grab data from both.

For the latter part, I'm uncertain whether your text is going to end up as the EventInfo, ExtraneousInfo, etc. Force the event to occur, note the timestamp, then see how the manager parses it by using nDepth to browse the events obtained from your InsertionIP during that time period.

njoylif

if using a syslog server w/ agent rather than the systems sending directly, you'll use "detectionIP" for source. filter by those and see what information you get from there to drag and drop "fields" highlighted..."InferenceRule" or "EventInfo"

Event Info doesn't appear to be avail (or I'm missing it), but if you start with the IP(s) and filter, then you can determine the rest.

if too much info just by IP, then sort filter (refine fields) by clicking on 321 and that will order by number of events, drag that event over and click the "=" which makes it "not =". keep adding until you find what you need.

ndepth drag and drop.png