m_roberts · CEO · ✭✭✭✭✭

Comments

  • This depends on your view on risk. You seem to only be performing Read function against the API and therefore the only risk is that you create a really poor performing query definition, which causes performance issues during run time. My approach would be to determine how bad your query could be and if you are super…
  • What happens when you run an inventory report on all Nodes? Does it match the SQL output or Manage Nodes output? The following query will allow you to see if you have any duplicate nodes based on the Caption being unique: SELECT Caption from Nodes GROUP BY Caption HAVING count (*)>1
  • The thing to bear in mind here is that the Hardware Sensors are not tied to monitored interfaces and therefore, evaluating the state of the interface is not going to happen automatically. I would suggest you look to disable or change the thresholds for Warning/Critical in the Manage Hardware Sensors area. I am also as an…
  • Sorry, for this, I didn't give you the right query. Try this: SELECT s.StatusName AS State, COUNT(wap.status) AS StatusCOUNT FROM Orion.Wireless.AccessPoints wap INNER JOIN Orion.Wireless.Controllers c ON c.id = wap.ControllerID INNER JOIN Orion.Nodes n ON c.NodeID = n.NodeID INNER JOIN Orion.StatusInfo s on s.statusid =…
  • There are some videos available in the training area of the Customer Portal (https://customerportal.solarwinds.com/), under 'Training and Education > Virtual Class rooms' there is a Patch Manager section. If you would like more direct hands on training DM me, as my company Prosperon can provide a bespoke training service…
  • The following query in SWQL should get you where you need to go, which with the following link on charts in 'Modern' dashboards on how to put in place: SELECT wap.DisplayName, wap.status FROM Orion.Wireless.AccessPoints wap INNER JOIN Orion.Wireless.Controllers c ON c.id = wap.ControllerID INNER JOIN Orion.Nodes n ON…
  • I believe this was intended to be @"marcrobinson". @"hnz980" can you provide more details about what is not working. Is it not triggering or not performing your configured actions?
  • The beauty of SWQL (SQL) is the level of control of the data you have. To give you guidance, I would expect this to help: SELECT COUNT(ID) AS IncidentCount FROM Orion.ESI.AlertIncident WHERE IncidentID IS NOT NULL AND (State = 'Assigned' OR State = 'somethingelse')
  • I do not have access to a populated instance to confirm the values, so you will have to identify the correct keyword yourself from the contents of that table cell. Replace Open (leave the single quotes) with whatever is the right keyword.
  • I included the <> to define that this is a dynamic sample value and to replace the whole of that block. Try this: SELECT COUNT(ID) AS IncidentCount FROM Orion.ESI.AlertIncident WHERE IncidentID IS NOT NULL AND State = 'Open'
  • It is worthwhile you looking at the basics of SQL/SWQL, as if you have this requirement now you are going to have more in future. The following is the standard place to start learning - https://www.w3schools.com/sql/sql_where.asp In the following adjustment to the previous statement, you can see I have added an AND, which…
  • This is just for tickets that have been pushed to create Incidents in SNOW. You can add other clauses to the WHERE to focus on things such as stage if you like. Glad it is working for you!
  • Just try SELECT COUNT(ID) AS IncidentCount FROM Orion.ESI.AlertIncident WHERE IncidentID IS NOT NULL
  • Replace in the following SWQL query the name of the column in the Orion.ESI.AlertIncident entity, which is storing the IncidentID. I do not have output in front of me, but from memory it was the IncidentID field. This query will output the number of alerts which have an Incident ID from SNOW it has collected as part of the…
  • Did you have a look at the Orion.ESI.AlertIncident SWQL entity to see what data exists? If you have SWQL Studio installed use that. If not and if you are not likely to do much custom querying, then navigate to the following URL https://<servername>/Orion/Admin/swis.aspx Delete the default query and in the Generate Query…
  • The incident data from the SNOW integration is stored in the SWQL entity Orion.ESI.AlertIncident, so have a look at this entity to see the data you can access, but the following query may be a starting point for you: SELECT a.AlertConfigurations.Name, a.EntityCaption, a.AlertActive.TriggeredDateTime,…
  • Hi For this you need to manipulate the WHERE clause, which is the construct in SQL (SWQL) to filter the data that is retrieved from the database. In your case you are asking to control which groups are retrieved. Therefore the following adjustment will allow this SELECT COUNT(1) AS KPI_Numbe from Orion.Groups WHERE Status= 2 AND…
  • Others have shared links to the resources on how to get the native Orion alert action integrated to ServiceNow, so I will just add my thoughts. Email to ServiceNow is the least best option, as it can be restrictive and more of a burden to manage. If the native alert action is not fulfilling your needs, then you can look to…
  • When the migration was forced on them from the original Thwack platform a few years ago, the replacement was not good at all, however this was identified pretty quickly and a 3rd incarnation was put in place. This is way better than the previous platform, but I can certainly see some things do not quite work the same or…
  • It is unlikely you will have any, as if you did you would a. know about it and b. have documentation in place to cope with restoring after an upgrade. Custom code refers to custom website files that may exist in the C:\Inetpub\SolarWinds folders, as during an upgrade these will often be removed.
  • Hi, I believe you are going to be best to utilise the 'delay' condition parameter and the enhanced Complex Alert options to achieve this goal. The complex alert feature in the Trigger condition tab will allow you to define a completely new trigger condition, which will come in to play after the first condition generates a…
  • I didn't look at the output or what you were trying to do, just fix the query to allow it to output. If you look at the Cirrus.EntityPhysical entity, you will see there are multiple rows for each of the physical elements on the node. Therefore, you simply need to add a…
  • The JOIN was not correctly mapped, try this SELECT [Nodes].NodeCaption , [Nodes].AgentIP , [Nodes].Vendor , [Nodes].MachineType , [Nodes].OSImage , [Nodes].OSVersion , [Nodes].EndOfSupport , [Nodes].EndOfSales , [Nodes].EndOfSoftware , [Device].Serial FROM Cirrus.Nodes AS [Nodes] LEFT JOIN Cirrus.EntityPhysical AS [Device]…
  • Great write up Jake. I am an advocate with customers on using IM integration, even if it is an additional action to the ubiquitous email (Helpdesk integration still the preferred option), as the ability to immediately communicate within a team on an issue in the IM platform (Slack, Teams, Jabber etc.) can be hugely…
  • There is an out the box report 'Triggered Alerts - Last 30 Days web-based'. If you need anything specific in your output, use this as a starting point by duplicating it and extending. Come back if you need help.
  • NTA is able to provide good visibility on source to destination session communication. Using the online demo I have used in the screenshot below the Flow Navigator to put a filter in place for communication either to or from a specific IP and only for HTTPS traffic, which will then display all flow enabled interfaces that…
  • Hi You have a number of data sources to collect this information, so this will depend on what Orion modules you have, but assuming you have all those listed below, you will be able to generate such a report: * RTT, PL can come from either the Orion core feature Quality of Experience or VNQM using its IP SLA feature* For…
  • Every day is a learning day for us all. Glad to hear you got it working
  • Hi As the OLM database is separate from the Orion core, you are advised to use the SWQL based method to query the OLM data. In SWQL, the entity container Orion.OLM has a number of entities within, with the following screenshot likely the areas you are interested in: (Taken from SWQL Studio)
  • Hi Here are my thoughts on this alert definition: * It is not necessary to have a sub group as all of your statements are AND, so you could simplify this definition in to a single group * I prefer for Volume alerts to use the Critical Threshold is equal to Yes* For this you then use the global Critical threshold and for…