HerrDoktor · Grumpy human · ✭✭✭✭✭

Isn’t Microsoft retiring the WebHooks soon and only allowing GraphAPI for this? https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/

As @"marcrobinson" mentioned, this is possible with LogAnalyzer and a SolarWinds agent. You define which log files LA should parse and then create a rule to check for the string pattern you like to match.

Just tested this as by your example, I wanted to avoid Basic Auth, but wasn't successful in using the Token authentication. However it seems not too difficult, and Twilio is showing examples

it won't be that straightforward but still doable. First you need to understand the Twilio Messaging API Programmable Messaging API | Twilio You then use an AlertAction -> WebHook REST API to trigger Twilio. I personally only have integated WhatsApp/Telegram/Teams/Slack but in the backend it's all the same.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kF6qCAE&lang=en_US does this article help? SWIS can be treated like any other Application running on non standard port. cheers

Alright, so we had a longer discussion about this. Credit goes to @"tobyw_loop1" @"dgsmith80" @"marcrobinson" @"Deltona" @"shuth" The common theme is: Rather use HA than Acive-Active. Or use a separate instance where you only poll the info "duplicate" that you really need. Also the downside is, you need duplicate licenses.…

I am inclined to say that this might not be working anymore since v2022.x the whole database Schema and platform has changed since this version. I am asking in my peer groups if someone has seen this setup in the wild and post 2020 platform version. if you like to discuss this over a call let me know and I can give you my…

can you please elaborate. What is going into Active/Active, what SWI products are you using? What are other concerns?

then REST it is

I think the same thing happened to the support representative that also happened to me in your other post here on thwack. They got confused, because the information was not entirely clear.

You are mixing up things! API poller credentials are for gathering information from other devices (monitoring the devices via API). From your current explanation I am assuming that you are looking for interaction with the SolarWinds Platform. @"GirbanG" you need to create the SWIS API Account ONLY under manage accounts.…

You can't generalize the support experience. I personally see Support as a "break/fix" thing, where you get help if something does not work as intended/advertised. I believe your question was more directed into the "consulting" realm where in my opinion you are better off speaking to an implementation partner. Of course…

are you definitely relying on REST or are PowerShell Scripts also an option. I have come across some minor limitations with REST API as opposed to the PowerShell Commandlets

in addition to @"antonis.athanasiou" , API related questions are only supported via THWACK or on Github. Or is your REST API Question related to SAM API Polling? Going into the same direction as antonis, can you elaborate on your request

I think I also swapped some of your columns, I figured you could bring them in the order you want on your own.

I personally would stay away from the SQL widget... I had too many schema changes in my Solarwinds Journey that I solely rely on SWQL

Ahoi, what do you want to see in your SIEM? Solarwinds has some auditing functionality that you can potentially forward as Syslogs to your SIEM. What format is your SIEM expecting? And also Which solarwinds Product are we talking about? SolarWinds Platform? ServU? KIWI? ARM? ServiceDesk? ... the list is long

SELECT AH.AlertObjects.AlertConfigurations.DisplayName as AlertName ,ah.AlertObjects.RelatedNodeCaption, Count(ah.AlertObjects.RelatedNodeCaption) as Counter FROM Orion.AlertHistory as AH WHERE AH.TimeStamp > ADDDAY(-7,GETUTCDATE()) GROUP BY AH.AlertObjects.AlertConfigurations.DisplayName,…

Custom Widget is asking for a SWQL Query NOT a SQL Query, you can not throw a SQL in there!

That's exactly my point why you need the proper licensing. They will be deleted from the database after some time. The only way to properly store them is to copy them to a file location somewhere and maintain a backup repository there. Again, if you have 600 Nodes where you want to backup the config, you need the proper…

You need to modify your date calculation-> ADDDAY(-30,GETUTCDATE()) and I am not sure about the Table name in SWQL for the alert History. you might want to pre-test your queries in SWQL-Studio swql is not 100% SQL

Clear the browser cache. That usually helps.

If you are over the License Limit with your node count, the nodes will randomly „not work“ because you are violating the License agreement. The only proper way would be to delete the worked nodes, discover 200 fresh nodes, work them, delete them, discover 200 fresh, rinse repeat. if you have 600 nodes in total, you need a…

No

so are you having 600 nodes in total and you are thinking about "concurrent usage" for NCM? If so no this won't work. you have to license ALL nodes you want to manage with NCM, there is no shortcutting. if you have 200 Nodes in total and you want to do upgrade 200 nodes at 3 different times, then yes.

the way solarwinds is showing data is, that it pulls data. It is not ingesting generic data. "ingest" only works for NetFlow Data or Syslog/SNMP Trap Data. If you are able to pull the data via an API Call, add the device where you can pull the data via SAM API Call or PowerShell SAM Template.

you are correct, it is a global setting - all or nothing

It is a double-edged sword... it won't hurt from a performance perspective, but on an administrative side it can cause some dependencies you do not want, and you need to some manual work again. if you have tested it in your lab and i worked as expected and no "unwanted" dependencies came up, you can switch it on in Prod

I meant, are the devices added as nodes in the platform? If there is no “Node” in the SolarWinds Database, the Syslog receiver discards the message because it doesn’t have a database object where it can attach the syslog 

It was/is working fine for me all the time.