jrouviere ✭✭✭✭✭

A User Defined Group is just a group of search strings or keywords that LEM can evaluate all at once for a rule action or a filter. Typically something created by the end user (you). LEM isn't able to fire rules against historical data, but one thing that I've done in the past is mirror my Rule correlation in nDepth and…

Wow. That seems like an oversight to me. I'd hit up Support to make sure that's not a bug and then if it isn't at least put in a feature request for it to change. So it looks like there's two percent availabilities, one for the group itself and one for the group members. If you just need the group itself then it should be…

Haven't successfully done it, but I ran through your method and I'm getting the same thing, all interfaces seem to be reporting the same code for Admin and Operational status.

NTA supports about 19,000 applications out of the box, if you would like to review them or add to them, you can find some helpful KBs here: Applications and service ports - SolarWinds Worldwide, LLC. Help and Support Add applications and service ports - SolarWinds Worldwide, LLC. Help and Support

I was following this as I was curious myself and then reviewing for something completely different I came across this in the KB: Use SQL to show components and credentials applied to them - SolarWinds Worldwide, LLC. Help and Support It takes a little bit of modification to put into SWQL, but I think you should be able to…

To my knowledge there's no limitation using the Agent. The template you linked to is pre-configured Oracle Experience Monitors from SAM. What you will need on the SAM server/Poller side is the Oracle components so that SAM can query the information you're looking for: Configure SAM to monitor an Oracle Database Server -…

I don't have any 2019 servers, but you should be able to use Machine Type to filter it:

Try updating the EventInfo field to "Account lockout *" without the quotes. and removing the quotes from your filter basically.

It does seem simple on the surface. I'm using "High Transmit Percent Utilization with Top Talkers" as a template alert. You could use the default Transmit/Receive alerts as templates, or likely change the metric to "Total Average percent Utilization" if that matches the data you're seeing. That should handle your trigger.…

I'm assuming you've got the appropriate Cisco connector set up and pointing at local2 on the SEM? If that's the case, one thought is that the spanning logs may not be normalized or they may be dropped. It's not super common, but there are instances where clearly junk messages would be dropped. Are you able to trigger…

I don't have PM in front of me which is why I didn't previously answer, but from the task directly it might be limited to 15 minutes. However, you can do a separate reboot/shutdown task and I believe (though working from memory) that you can set a longer period. I'm not sure it's going to be as long as 4 hours.

Hello jbake, LEM in most cases requires a custom connector to be able to read custom logs. LEM may not be able to parse your data now, but you can submit your request: Submit a request to SolarWinds for a new LEM connector - SolarWinds Worldwide, LLC. Help and Support I would contact Support and get them a sample of the…

On the right side there's an arrow, when you click that you get additional details and they usually link to a KB article as well.

You will need to publish the third party update first, then approve it. While checking for updates the node will review the approval, pre-requisite, applicability and install rules to decide if the update needs to be installed.

I'm not sure that they're specifically mutually exclusive, but the difference tends to be that WMI is going to be Microsoft only and SNMP is generally everything else. SNMP is used for Linux based operating systems as well as networking devices. Windows can do SNMP, but that would require additional configuration vs what…

I've seen issues in the past discovering remote subnets, so you may want to look at running the installer on the various subnets where you see the issues. If you have one you should be able to feed a list of nodes to the installer as well so that it can use the provided list to reach out to the agents.

If you have NCM, that would definitely solve this. The compliance pieces are handled per node/per configuration not per interface, so you may need to get creative with ways on excluding particular interfaces that don't fit your policies or write rules that are more specific to the interfaces you're looking for. This is a…

When you perform one of those actions on your router (add, modify, delete) are you able to see the event in nDepth? If you are able to see the event, but the rule didn't fire then it may be logging as a slightly different event than what the rule is looking for. For Windows you'll typically see NewDomainMember or…

There are a couple of articles that touch on this topic if you want to do it via reporting, here are two: Create a report displaying third party updates installed by WSUS - SolarWinds Worldwide, LLC. Help and Support Create a third-party updates report in Patch Manager - SolarWinds Worldwide, LLC. Help and Support

You can filter and display dates on the updates, it can vary what you're looking for. The one that comes to mind would be "Arrival Date" which is usually the date that it was published or available on the WSUS server, so if you were synchronizing on Patch Tuesday that would be a good baseline to start with. There are other…

If your installed rules match correctly, I believe I've seen an issue with this where deleting and re-publishing resolved the issue: 1) Delete the update from WSUS. 2) Delete the update from the Packages catalog. 3) Re-synchronize the catalog. 4) Re-publish the update. This usually resolves the issue if it's the same thing.

Looks like there was another post from four months ago that went unanswered: UnicodeEncodeError - Linux Script If it were me I would start with turning on debugging for the Application Template and review the logs, depending on what I'm seeing, the criticality of the issue and how many nodes are affected I might reach out…

Check the poller settings and I would recommend blanking out the polling interval. If you still don't get results, someone who posted a similar issue found errors in the poller logs, I believe under: C:\ProgramData\Solarwinds\Logs\Orion\NPM They ended up rebooting the Orion server to resolve the issue. Universal Device…

Looks like it's an issue with the Crystal Reports plugin, re-installation instructions if you haven't tried that already: LEM Reports console error: The program can't start because cslibu-2-0-0.dll is missing from your computer - SolarWinds W…

Hello shelbyj, Typically you don't want Patch Manager or a related system rebooting on a user who is signed into the computer. I could expound on the reasons why and how to deal with them, but there's a pretty good write up here that delivers it almost exactly how I would:…

I don't know enough Perl to add to your script a way to get at it the way that I did in Python, but I wrote a few lines of code that would solve this with Python if that were an option. The main way I solved it was that you seem to have a way to find the line already, if you transform the line slightly so that you're able…

Hello Ojanke, It may help to have someone take a direct look at this with you, and it wouldn't hurt to be able to get a screenshot of what you're actual search looks like, but for the most part you should be able to do this already. For example: I have replicated what I imagine you could search for. I have braced the…

I haven't seen it before. You can try to remove the credentials, but that may cause a different issue. If you haven't done so already and are able to, you might try restarting the manager service and checking the settings again.

* Unknown Status most likely means that you are running in Hyper-V and LEM is not able to pull those statistics. * Not really. LEM is a Log Manager, if it's not in a log file LEM isn't likely to get the information. You could likely submit it as a feature request, but I think Web Help Desk is the SolarWinds asset inventory…

I think this is what you're looking for: NetFlow Collector Services page shows a blank entry after renaming a server - SolarWinds Worldwide, LLC. Help and Suppor…