christopher.t.jones123 · CRIS Solutions Architect/Engineer · ✭✭✭✭✭

@"karem", is your new environment allowed to talk to the end devices over SNMP? For instance, you would need to make sure any firewalls and access lists between the two devices allow SNMP traffic from the new Solarwinds environment to the end device. Another common setting is on the end device itself, often you can dictate…

@"vandu" you should investigate what rule is actually triggering the alerts. Do you have Log Analyzer or Log Viewer? If you have Log Analyzer you can just add a tagging action the rule to validate it, if you have Log Viewer it will take a little more in-depth SWQL querying to get that data. But ultimately now that you have…

@"jhouse55", sounds like it might be rejecting it because of the From info in the alert action, could explain why it is working in the test action on the SMTP page but failing in the alert action. Try double-checking that info matches what is set on the SMTP configuration page.

yea thats the unfortunate thing about the limitations. I haven't found a way to limit access for configs to a set of devices 

should be able to do a list resources on the offending virtual F5 and deselect Hardware Health

@"mfkdgaf", it's my understanding that this a caused by the way the provider is interpreting the POST from SolarWinds. SolarWinds is just passing what is dictated for it to pass; but different providers ingest that data differently so in this instance the "\" in the captions the providers are interpreting it as an escape…

@"mfkdgaf", if you're alert is for Volumes then you are likely running into the issue described here. As @"aLTeReGo" mentioned this is caused by a value being passed that is not escaped correctly (in the article I linked it is specifically the Caption Variable). 

@"mfkdgaf", if you look in the C:\ProgramData\SolarWinds\Logs\Orion\ActionsExecutionAlert.log it should tell you what it's erroring out on.

@"vandu", if the goal is to not have anything meeting the criteria of this rule is to not trigger an alert then you need to remove the action that tells it do that by deselecting the "Send a Log Rule Fired event to Orion Alerting"

@"vandu", based off the screenshot of the rules you sent that is not how the rule is configured, post a screenshot of the action definition, and post a screenshot of your global preprocessing rules.

@"vandu", based on this criteria what do you want SolarWinds to do?

@"vandu", to confirm you want the traps found as a result of this rule to NOT trigger an orion alert and therefore not create a ServiceNow incident? Based on this screenshot any trap that meet the criteria of this rule will trigger an Orion Alert

@"vandu", what is the action? does it discard, stop additional processing? What is defined on this section of the rule, if you want it to drop the trap and then stop processing additional rules you must define that here. It's number two on your list, but what is number one? Is the rule above it the one that is designed to…

@"Chet", trying chaning the ignore comparison to the below and see if that works ^.*no bridge-group.*\n

@"vandu" what is the action for this rule you are creating? where does it fall in the processing order? as an example if this rule you are creating is designed to dump the trap or stop processing against any hits for the rule, it would need to be above any rule that is designed to trigger an alert of some kind. If it is…

If you want to just limit that user to a specific set of nodes you can just apply a limitation to their account and define only the device(s) you want them to be able to see. Below are some references for it https://support.solarwinds.com/SuccessCenter/s/article/Account-Permissions-and-Limitations-Video?language=en_US…

Is the overall goal for them to only be able to see specific nodes in general along with their configs (which can be accomplished with some account limitations) OR to be able to see all nodes but only be able to see the configs on a specific set of them (I'm not sure this is possible)?

@"planglois", here is an updated link Who Watches the Watchmen? The Orion Health Page

there is an out of the box alert you can duplicate and edit specifically for this. "No Polling Engine Update in last 10 minutes"

@"vandu" are the F5's its reporting unknown on virtual F5's? if so that is a known condition, you can disable hardware health monitoring on them by deselecting it when you do a list resources against the F5.

@"JCALD6", when you click edit in the top right corner of the widget it should display its data source, from there you should be able to tell what is being used to populate the data. If its not a custom query the graphical builder has a function that tells you what query is being run as part of your data source. To the…

@"shadowcatz", could be a million things (probably some code change on Microsoft within Graph API most likely), but glad to hear that cleared that up for you.

@"ajohnsonSGUK", I would imagine you could use API polling or PowerShell script component monitors to poll the Application Insights from Azure. From the documentation it looks like they have some sort of API that can be queried

have you attempted to run it manually in PowerShell from the polling engine executing it? It should give you an idea of what Microsoft is sending you back. You might also be able to add the following right above the Write-Host line for statistic. It should convert the statistic into an interger $stat=[int]$stat

@"shadowcatz", you probably need to convert the statistic variable to an integer prior to calling it at the end (I ran into this alot when converting the API pollers to PS scripts). If you post your script I should be able to make the mod necessary

you said that when you test it on the edit application monitor page it returns results. what are the results?

@"shadowcatz", NaN usually indicates that the statistic is in a format that is not acceptable to SAM. When you run the test in the application monitor what is the value that it is returning?

@"jnc", are you initiating the file upload or is it some task that is being launched within NCM? If you have not tested it manually can you try doing that? Can you also try and remove that user and recreate it, maybe the password changed from when that user was first established in the SFTP console.

@"johnwilly", I highly suspect your Palo Alto FW rules are not written correctly, specifically the application portion of those rules. The problem is that it becomes very difficult to track down because from a consumer perspective everything looks like it should go through via conventional test like telnet, but when the…

@"johnwilly", i've seen where a WAN accelerator or some sort of traffic shaping can cause these kinds of problems. What kind of firewalls are between them? also, have you reviewed the installer log to see if it provides any additional information?