bobmarley ✭✭✭✭✭

@"Pawan2020" Here is the thread that discusses muting and also the link to the GitHub sample scripts https://thwack.solarwinds.com/t5/Orion-SDK-Discussions/Mute-Alerts-in-SolarWinds-via-Powershell/m-p/296302

You will need to set up syslog logging on your routers which is fairly simple. Just look up the logging command for your router model. When you set it up you will need to set up a logging destination address which will be your SolarWinds server then you can use the Syslog Rule Engine either on your SolarWinds Server or in…

Using 3rd party automation tools and SDK scripts together. Not directly from Solarwinds. The people that do patching and upgrades at my place never touch Solarwinds directly but they wanted to be able to add/delete/unmanage nodes based on their own work flows. So if they want to take a node out of a rotation, unmanage it,…

The attached JPG files shows an example using an alert I have. In this case it is using a custom property field to set the alerts severity to match a 2 or a 3. If the field is blank, there is no match, so the alert won't trigger I added Is Empty to match a blank field. You might possibly have a similar situation in your…

You could send a syslog message to your SolarWinds NPM system from within your script and then create a syslog alert. Google the 'Logger' command.

If you open this table in SWQL studio I think Message is the one you need to pull -- SELECT TOP 1000 TrapID, EngineID, DateTime, IPAddress, Community, Tag, Acknowledged, Hostname, NodeID, TrapType, ColorCode, TimeStamp, ObservationSeverity, Message, ObservationTimestamp, ObservationRowVersion, ObservationSeverityName,…

Have you considered using a chart instead of a table?

Could you also add a condition where the pool name contains the names for the pools you want to alert on? If so you could add that condition and use the suggestion to create multiple alerts. 

As Rschroeder pointed out you should be polling from SolarWinds so you can keep the history of the metrics but for items such as 'on battery' you may want to depend on Syslog or SNMP Traps. Those will get sent to you almost instantly where the polling usually only gets done every few minutes. If your UPS is very loaded and…

Here is an example. I have one node down alert for all nodes. There are many different severities, assignment groups, and email addresses based on who owns the server so I created custom properties _Severity, _Group, _Email so if you look at my nodes custom properties they look like: ServerABC _Severity 2 _Group…

As an example _Group is a custom property and Critical Servers would be a value for that custom property.

Several of the tools in our security suite perform scanning. I just subscribe to the reports and import them frequently. You could use Orion's discovery as well.

This is the example on how to add nodes via Powershell. https://github.com/solarwinds/OrionSDK/blob/master/Samples/PowerShell/CRUD.AddNode.ps1 As mentioned you can do it within the network discovery resource. I usually don't paste a thousand in at a time usually around 250. If they are ICMP only nodes just crank down the…

I can't paste using right click -> paste or CTRL + V using the Windows 10 browser. 

After some digging I found the full list and the alert name isn't in there. Link is below. Looks like you will need to manually enter the alert name into your messages. http://www.solarwinds.com/documentation/en/flarehelp/orionplatform/content/core-trap-alert-variables-sw707.htm?cshid=OrionAGTrapAlertVariables

AND vm.Host.Cluster.Name LIKE '%yournamegoeshere%'

Add this to the end of Marc's query. You can use partial names since the % wildcard is there. If you have more than one node you can also do OR LIKE and add them on to the end and DisplayName LIKE '%YOURNODENAMEHERE%'

Check out your Cisco security tool. If it is the one I'm thinking of it already includes a flow replicator.

If you want to look deeper into your audit log events with SWQL Studio you can use the query below. You can uncomment the Where clause and add whatever text you would like to search for by replacing change custom with your own wording. Perhaps you can find an event that closer matches what you are looking for. SELECT TOP…

Not Like Null is another option if they are not populated.

According to mesverrum's post above the node has to be down for at least 2 minutes in order to alert. Maybe that is the actual problem. May be 1 minute is not long enough?

If you put this into SWSQL into a report. It will show you all of the currently down nodes and the time they went down. SELECT NodeName AS [Node Name], '/Orion/images/StatusIcons/Small-' + StatusIcon AS [_IconFor_Node Name], DetailsUrl AS [_LinkFor_Node Name], MAX(DOWNEVENT.EVENTTIME) AS [DOWN TIME] FROM ORION.NODES NODES…

Did the install on my lab 3 times on a fresh server and got this each time. Installed 12.5 then installed 2014.4 on top of it. Had to stop NPCAP software in between for the install to complete.

Hi harshaabba, the field that you need to change the value for 'Forward Syslog' is in part of the Sample Alert that you set up in Orion, it is a dropdown box that you need to pick from under configure an SNMP Trap. I hope this helps, if not please explain your issue some more. In the original question olusea was asking how…

You need the install the plugin Releases · solarwinds/OrionSDK · GitHub The information about SWIS is here GitHub - solarwinds/OrionSDK: SDK for the SolarWinds Orion platform, including tools, documentation, and samples in Powe… There are a lot of examples here on THWACK. The script should work once you get the plugin…

Here is an example of an alert name Splunk-0132-BAM-Info-Routing Change-Alert text, this is what the alerts says The way this name is broken down in our environment is shown below. We separate the fields with a '-' so we can regex them later if needed. (1.System that generated the alert)-(2.Unique Number…

Based on your feedback added this at line #35. It filters out the acknowledged alerts so those won't show and then the alert name must contain 'intel p3 node down'. WHERE AcknowledgedBy IS NULL AND o.AlertConfigurations.Name like '%intel p3 node down%'

Thanks mesverrum that work great! Setting this up for our NOC to keep tabs on nodes/circuits that are down longer that expected. Having the notes section allows them to display ticket numbers and status of what's going on with the alert.

I have the same issues. Sometime it works sometimes it doesn't.

Pull over the >> on the upper left of the netflow screen and you will see where you can filter by domain. Then for example add Include Exclude fbcdn.net