how to construct a historical syslog report?

Question

I am trying to construct a historical syslog report with counts of message severity grouped by the hour. I have the data fields that I want except for the time summarization. How can I set that up?

lchance · Answer

Change your format string in Field Formatting for Date_Time to hh

and group it

lchance · Answer

My apologies. That may not be what you want for HOUR summarization. I had one made recently but did not save it. I'll try to recreate it and put it into this thread.

lchance · Answer

Here's a report I use - hope this helps. The FILTER for 10.16x.x.x is for my own use.

SELECT  TOP 10000 Nodes.Caption AS NodeName,SysLog.IP AS Source_IP_Address,SysLog.Hostname AS Hostname,SysLog_SysLogSeverities.SeverityName AS Severity,COUNT(SysLog.Message) AS COUNT_of_Message FROM ((SysLog INNER JOIN SysLogFacilities SysLog_SysLogFacilities ON (SysLog.SysLogFacility = SysLog_SysLogFacilities.FacilityCode)) INNER JOIN SysLogSeverities SysLog_SysLogSeverities ON (SysLog.SysLogSeverity = SysLog_SysLogSeverities.SeverityCode)) LEFT OUTER JOIN Nodes ON (SysLog.IP = Nodes.IP_Address)  WHERE  (  (   NOT (SysLog.IP LIKE '10.16%')) AND   (   (Nodes.Caption <> 'myOrionServerName')))  GROUP BY Nodes.Caption, SysLog.IP, SysLog.Hostname, SysLog_SysLogSeverities.SeverityName   
ORDER BY 2 ASC, 5 DESC