Advanced syslog parser is dead... long live Log Analyzer

Does anybody know if there is a way to represent data with Log Analyzer as it was done by the advanced syslog parser widget?

Since our upgrade the networking team is still complaining about the missing widget they used to have... Any suggestions welcome.

  • I was a bit bummed too about the lack of LA-specific widgets. If you post a screenshot of an example of the log parser widget with data in it, I could probably cook up a SWQL-based replacement.

  • A Log Summary dashboard, along with updated Node Details resources, is something we are currently working on. I'll second Marc's comment above - if you could provide some screenshots of what you'd like to achieve, it'd be great. Equally, if you'd like to set up a quick call to discuss further, just let me know.

  • You can add a Custom Table widget and use a custom SWQL query as the data source. This way you can even filter by nodes, severity, etc. Changing the filtering conditions will require modifying the query, though.

  • Hi,

    It would be nice to include in the Orion Log Viewer at least the same widgets, or a subset of them, that we used to have before upgrading, like the advanced syslog parser, which did the job for my networking colleague.

    This way people have time to get acquainted with the new interface and the power of its rules.


  • Syslog and Trap widgets on the node details page are not working after upgrading to OLV. Below are the names of the widgets.

    - Node Related XX Syslog Messages

    - Last XX Syslog Messages

    - Last XX Trap Messages

    Does the SolarWinds team have a plan to modify these widgets to use the new log database?

  • Yes, we do intend to create some new out of the box widgets based on the new tables... In the meantime you can use a custom query widget and the example query below on your node details page. (stolen from wesleykparker in another thread)

    SELECT TOP 100 -- Edit this number for how many messages you want to load to widget (you can modify the widget for how many messages to page)
    let.Name AS [Message Type]
    ,Level AS [Severity]
    ,TOLOCAL(DateTime) AS [Log Time]
    ,SUBSTRING(Message,1,100) AS Message -- Edit the last number for how many characters of the message you want to see
    ,CONCAT('YOURORIONURLHERE','/ui/orionlog/logviewer/now/1hours/',${NodeID},'/syslog') AS _linkfor_Message -- Replace YOURORIONURLHERE with the address ex:  ''
    FROM Orion.OLM.LogEntry le
    JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID
    WHERE NodeID = '${NodeID}'
    --AND le.Message LIKE '%${SEARCH_STRING}%' -- Remove The -- From beginning for the "Search SWQL Query" Box


  • I actually happened to be loading up my custom widgets for this use case into a client environment when I noticed this thread got updated. This is the SWQL I use, a little bit less leg work for the end user, and it attempts to clean up some of what makes traps super ugly.

    SELECT MessageDateTime
    , let.Name as Type
    -- Keep only the part of the message before 'sysuptime'
    ,substring(Message,1,charindex('sysuptime',message)-2) as Message
    , '/ui/orionlog/logviewer/now/24hours/${nodeid}/'+let.Name as [_linkfor_Message]
    FROM Orion.OLM.LogEntry le
    join orion.olm.logentrytype let on let.logentrytypeid=le.logentrytypeid
    join orion.olm.MessageSources ms on ms.MessageSourceID = le.MessageSourceID
    where le.nodeid=${nodeid}
    -- Only messages from the last day
    and messagedatetime > addday(-1, getdate())
    --and message like '%${SEARCH_STRING}%'
    order by MessageDateTime desc

  • When? It's been months since you posted this and still nothing.... LA is terrible

  • When I try to run this query, it never finishes. Does this still work in 2020.2.1??? We lost the widget and our support teams are asking to get it or something similar back. No mention of this when support asked us to separate our DB. See how this has been over a year and still nothing from Support on a replacement widget.