nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Is it possible to query for all Events within the last 5 minutes?

ccfc1986

Is it possible to query the SWQL via a REST call (i have a working script to do this so far) - but to query just for events that have occurred in the last X minutes or seconds? I have looked at https://support.solarwinds.com/Success_Center/Network_Performance_Monitor_(NPM)/How_to_use_SolarWinds_Query_Language_(SWQL) which is useful to help generate basic queries, but it doesn't seem to list an option to check certain time frames easily. In regular MySQL i would do something like TimeStamp >= UNIX_TIMESTAMP() - 300 (where TimeStamp is the EventTime in our case i believe). Is something like this possible? Thanks for your assistance in advance.

Find more posts tagged with

Accepted answers

All comments

tdanner

Sure. The functions available in SWQL are here: SWQL Functions · solarwinds/OrionSDK Wiki · GitHub. To get the events in the last 5 minutes, I would start with a query like this:

SELECT EventTime, MessageFROM Orion.EventsWHERE EventTime > ADDSECOND(-300,GETUTCDATE())

ccfc1986

tdanner - thank you for the response. When i try this either via my script or SWQL Studio i get error messages for the function calls.

In Studio, it errors on GETUTCDATE() with "Function GETUTCDATE not found" and from my script (perl) i get an error with the ADDSECONDS() like "Message":"Function AddSecond not found".

Does this mean i don't have the right or latest version of the SDK available to me? What information could i possibly give you that would help?

Thanks once again for your support and time.

tdanner

In SWQL Studio, are you using the "Orion (v3)" server type?

ccfc1986

Wow, that was fast..ninja.

It lists v2 in the tabs when i open multiple queries. (i assume this is grabbed from the server and isn't a setting i can change from the client).

Thanks!

tdanner

When you start SWQL Studio, there is a connection dialog that asks for hostname, server type, username, and password. This is where you can pick "Orion (v3)".

ccfc1986

Thanks again tdanner. I made the change after exiting the app and reloading and selected "Orion (v3)" from the available drop down. When i run the query however, i get the same response/error as listed above.

Thanks!

tdanner

What version of Orion are you running?

ccfc1986

This is from the web gui:

Orion Platform 2013.2.0, NPM 10.6, NTA 3.11.0, IVIM 1.8.1, VNQM 4.1

Its an older version. With that been the case, if this limits my functionality - is there any way you can think of i could get such queried data from the system?

Thanks again

tdanner

Ok, with that version you should have GETUTCDATE() (in SWISv3) but you are missing the ADDSECOND() function. You have a couple of options:

1. Instead of computing the "5 minutes ago" time in the query, compute it in your program and use a string literal in the query. Like this:

SELECT EventTime, Message  FROM Orion.Events  WHERE EventTime > '2016-05-12 19:10:39'

2. Compute the "5 minutes ago" time in the query, but use the subtraction operator instead of ADDSECOND(). You can subtract fractional days. Like this:

SELECT EventTime, Message  FROM Orion.Events  WHERE EventTime > GETUTCDATE() - (5/1440.0)