• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 41 subscribers
  • Views 1388 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Advanced Filtering in Network Discovery

planglois

I'm trying to do some advanced planning on in my new Orion Instance. Since I know I will be adding a ton of devices, I would like to leverage the Advanced Filtering capability.

Here's what I thought would be right:

the regex is:

6to4|Teredo|Kernel\sDebug|WFP\sNative\sMAC|QoS\sPacket\sScheduler|WAN\sMiniport|Failover\sProvider|\s\-\sethernet_

(I also tried with spaces instead of \s, with no luck)

I validated the regex: https://regex101.com/r/zQvrfm/2 

When I run the discovery, for some reason, it still sees all interfaces on the scanned devices:

Can anybody help me regain sanity? ;)

Parents
  • 0

    Hi so when you run a discovery SolarWinds will automatically scan for and detect all possible interfaces on that device as it is scanning the OID at the Node level and building an IFINDEX Table. Notice how SolarWinds doesn't show the status of those interfaces? So it could be that they were not Online? The first screenshot is the Interface Selection Criteria - This is more specifically what interfaces will be automatically selected for monitoring from the list of interfaces that are discovered. This means that when the Node is imported any Interfaces that match your RegEx will automatically be imported and selected for monitoring.

    When working on a new RegEx I often find it best to run a slightly smaller discovery and choose the Manual Import option, which will then present the same Interface Selection screen, but when you enter the RegEx you will then be able to see which interfaces that RegEx captures and you can make sure it's picking up the correct ones, and correctly ignoring the interfaces you don't want.

    Hope that helps

  • 0 in reply to dgsmith80

    Thank you!

    Reading your comments and taking a step back helped. Since I was doing the discovery on a subnet that was already added in NPM, it confused me.

    So I ended up understanding the following: The non-highlighted lines are imported. The yellow lines were filtered out, but show as "new". This, to me, should be changed to something more like "Ignored" " or "filtered" so I does not seems as it should have been there in the first place...

    Tonight, I'll go to sleep feeling less dumb, thanks to you! Slight smile

  • 0 in reply to planglois

    Not 100%. The list from your screenshot is the Discovered Interfaces. When SolarWinds scan's your device it discovers ALL possible Interfaces on that device based on the MIB Table. It catalogues them all regardless of which ones you go on to actively import and monitor. The Yellow highlighted ones are just the ones it discovered since your last discovery - It could be they are from devices that were not online when the last discovery ran or interfaces that didn't exist.

    To see an example I would suggest you find a Node in Manage Nodes and click "List Resources" it will show all the Interfaces available on the device and you will see which ones have tick marks to indicate you are monitoring it.

  • 0 in reply to dgsmith80

    To do my tests, I deleted a node and did a discovery only on that given server IP. I added my regex string, and let it do its magic.

    Once done, I went in the List Resources and only the expected interfaces were checked. I then went back to Scheduled Discovery Results, and it was showing my node, with an overall status of "changed" (Instead of new... Why? Looking at this table, I cant know if a new device has been added or simply new information is available):

    When I expend the Interfaces list: 

    • Interfaces that were added during that Network Discovery were showing the imported icon ( )
    • The filtered out interfaces are identified in yellow with the "New" icon ( ) as showed above.

    So, the way it's represented there is much like how it is once unfiltered interfaces are imported, then it shows there what's left of it... Whats confused me at the very beginning is that it shows as "new" instead of "ignored" as you wouldn't really know what really changed.

    To better phrase, the fact it's a regex to auto-import, instead of a regex to discover bugs me, as in the end, if I filter it , I don't care about it.

    It would also be nice to be able to flag interfaces that were previously imported and that you want to filter out in that new discovery, to be able to maintain the inventory in a proper way. If a server with 4 physical ports has 40-something interfaces discovered (logical and physical), imagine how many interfaces can be seen on a Juniper router (I.e.: a 48 port router/switch can easily end up having over 200 ports discovered...). Every time you activate monitoring on those, it's individual port statistics being polled. Then you multiply this by the number of nodes and it becomes a mess... Not everything that can be counted counts.

  • 0 in reply to planglois

    Hi,

    Is it possible to get information about who modified / created or deleted network discovery?

    Thanks in advance.

Reply Children

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.