mesverrum · Observability Architect · ✭✭✭✭✭

I like the union technique here for getting the totals, hopefully it isn't beating up your DB too bad though with all the string matching and not likes. One way you could improve execution time if it became a problem would be to set a customproperty like 'IncludeInReport' t/f and then run a script to tag all the interfaces…

I believe the scalability guidelines recommend an additional web server for every ~20 or so concurrent users.

Muting the source of the alert seems like a really imprecise way of handling this scenario, as muting it would also prevent that node from triggering any other alerts that it should have in the interim. As an example, node triggers a high CPU alert, your NOC tech escalates and mutes it, the system engineer maybe doesn't…

the 100 license will monitor a max of 100 network interfaces, presumably on 30 switches that might be keep an eye on just the uplinks between them and not much else.

The best to learn how to form you filters is to create one by hand in the GUI and then look it up in the tables and see how it shows up there, in this case the syntax is something like @{ Name = "$city City Node"; Definition = "filter:/Orion.Nodes[CustomProperties.City='Austin' AND Dependency_BreakDown='Edge_Parent']" }…

So this is basically a bad idea, contractors like me end up getting brought in to gut and redo the alerts in environments when they get set up with spammy email schemes like that. If your team needs to know which nodes are down why aren't they just looking at a page in the web console as necessary? If you insist on sending…

Seems a shame that nobody was able to jump on this one for you. This is based on a reworked node downtime query from one of my colleagues, with some minor tweaks i just made it should do what you want. This is set up to work as a swql query resource on a summary page, if you paste this directly into a custom report i can…

The variables you put in the alert shouldn't cause it to not go out, they either show up correctly, null out, or if the syntax is wrong it just includes them as a normal string of characters. Are you saying that the Alert never triggers even when you know it should be? Presumably the component is showing as down/critical…

I've been able to work around this kind of issue by using custom swql queries to only show the highest severity alert of a particular type on a particular object. It's pretty complicated though if you aren't a sql type. This does raise the question though, if the NOC response to an informational alert is to do nothing then…

The gui for setting up automatic addition of discovered objects has the same filters available to you, just check the boxes and it will save that definition for when it runs next time.

I've not heard of any specific development around the exchange template, but if you can explain what specifically they are looking for that isn't there we might be able to come up with a solution here?

Add this custom variable ${ SQL: SELECT count(*) from nodes where status = 2 }

I would expect to run into performance issues with a sql express instance once you get more than 100-200 elements (nodes or interfaces or disk volumes) at default polling intervals due to the ram limit. It's just not very much to work with. Obviously if an environment can't support a paid SQL instance then I expect they…

DPA is pretty much a standalone tool outside of Orion, for the purposes of the integration they port over a small subset of the information from DPA to SWIS, but the bulk of the meaty data stays in their database and cannot be accessed via SWQL and the Info Service. You would have to query the DPA repository database…

It depends on what your team actually does at these various levels of warning. How do you notify on warning, how do you notify on critical, and what is the expected action of the person you notify? In most cases I push for a model where we don't even alert on warning thresholds, I just send out a daily report of nodes that…

You can tell if the vlan mib is available on a network device by hitting list properties and looking to make sure it shows VLAN's with a check like this Assuming that is all good then you should be able to do what you want by creating a report on interfaces and looking for the node caption, interface caption, port mode and…

I thought I'd dig up some documentation on this process and was amused when I found this gem https://support.solarwinds.com/SuccessCenter/s/article/Upgrade-to-NPM-12-from-NPM-11-5-and-earlier Which essentially says the "recommended" route is just a complete rebuild haha. Looks like the document I used to reference has been…

for nodes up = reachable from the orion polling server by icmp ping down = not pingable for interfaces up = snmp/wmi reports that the interface is connected down = snmp/wmi reports that the interface is not Up and down don't assess if there is traffic or any other properties

The easiest way to bulk edit this would be to just go to the edit custom properties page, group by your ServerOnCall property, select all of them that have the "old" number and edit them to put the new one in. Shouldn't take more than 2 minutes. yourserver/Orion/Admin/CPE/InlineEditor.aspx Getting way deeper you could…

If it has not been made clear enough yet, you do not want to increase the retention period for those in most cases. NPM isn't set up to efficiently handle a large volume of syslog/trap data and it is notorious for bogging down when people hit it with too many. As mentioned in the article posted by sja​ you can set up…

I don't recall anywhere in NPM where it queries the F5 devices for their current time, and I'd be surprised if that was something you would find in an OID. What OIDs are polled for F5 statistics? - SolarWinds Worldwide, LLC. Help and Support So given that you can't get system time from SNMP your best bet is probably to rig…

right now: agentless on windows, agent on linux The windows agent doesn't really give me much that isn't available via WMI but doesn't have the same reliability as WMI Linux net-snmp has a whole basket of problems that make the solarwinds agent preferable.

Yes you will want to run a discovery if you want to make bulk changes like that

From what I can see in the database the previous host values are not recorded anywhere when they get updated, so your best bet is to make a feature request to get one added. -Marc Netterfield Loop1 Systems: SolarWinds Training and Professional Services * LinkedIN: Loop1 Systems * Facebook: Loop1 Systems * Twitter:…

"Data source" is a unique object, you might, for example, want to use the same source for a report and a chart. For each time you want a different list of objects you have to create it as a new datasource. Sucks when you stumble across things the hard way. I think it would probably be more a bit better if it behaved the…

Unfortunately the Web based report builder UI doesn't seem to have been updated very well to reflect the data on the worldmap tables. I wrote up a SWQL query that does find what you wanted though, the key is to left join it to the worldmap.point table and look for null entries select n.caption as [Node] ,n.detailsurl as…

I would try to match it first by removing the keywords part, does it match on the event id as you would expect? If yes, then move on to testing the string match syntax, I feel like the multiple quote blocks you have in there could be complicating things.

Orion reports can't ingest your list of nodes normally, but you could create a custom property and import them via the custom property manager to set that property to whatever. Then just filter your report against the property. As usual, any time you need to splice an environment up based on any criteria you want, custom…

Yes you can do all those things before you load any nodes into monitoring, but unless you have a ton of hands on experience with the product I suspect it would be incredibly difficult to know exactly how you want everything to be before hand. I build out new environments and set up alerts/dashboards/groups all day for the…

I suspect that the reason the devs opted not to set up WMI scanning on IPAM was that WMI is measurably more resource intensive than SNMP. On the NPM/SAM side people are generally willing to make that trade-off for the additional information and convenience that is available, but I imagine someone must have thought at some…