mesverrum · Observability Architect · ✭✭✭✭✭

Comments

  • There's an export button at the top of the main Log Viewer page, I don't have any data in my lab so I'm not entirely sure about the format it pumps it out in, but I'd start there.
  • First, make sure that your routers/firewalls and various other bottlenecks are sending netflow where it is available. Then just go to the netflow summary page, look under the sources resource, expand the node that you are interested in checking, click the link to interface you are interested in and you should mostly be…
  • So it sounds like you may have turned on an alert to notify you regarding any changes to services? Tracing an alert event back to the rule that triggered your message is kind of a beast in LEM, you might be able to figure it out by looking at the internal lem events filter on the monitor tab to see when the alert fired and…
  • What you are showing doesn't look normal to me. Can you check your scheduled jobs list and see if there are duplicate entries in there? The way it should work is that each node completes the NCM jobs based on the poller that it is assigned to, one job should still cover all pollers.
  • So this query is pretty likely to time out just due to the sheer amount of data it would have to crunch unless your environment is very small. The interface in/out total bytes value is the total bytes since the last time we polled. So to get to your situation we are going to have to add them all up for each interface from the…
  • One extra server for each system you want to protect with HA, so 5 new standby servers for everything you just described.
  • You can see exactly what it does by reviewing the logs for it, referenced in this kb Troubleshoot Orion database maintenance issues found by Active Diagnostics - SolarWinds Worldwide, LLC. Help and Support In short, it takes all the data that has aged out of the retention periods and rolls them up into the next larger…
  • In order to populate that data Solarwinds needs you to be monitoring those interfaces on both the server side and the switch side, and both devices have to support some specific SNMP OID's. Depending on the devices involved it can be pretty hit or miss getting those relationships to automatically populate. Topology related…
  • Does your query have any kind of order by at the end? The Custom Query widget gets mad when you use certain functions and don't tell it how to sort them. -Marc Netterfield Loop1 Systems: SolarWinds Training and Professional Services * LinkedIN: Loop1 Systems * Facebook: Loop1 Systems * Twitter: @Loop1Systems
  • yeah, if your report includes the orion.nodes table then add this to your selection nodes.detailsurl as [_linkfor_Caption] That linkfor function is case sensitive and if you have chosen a different name for the caption field then you need to use the same one on the linkfor Same sort of method can be used for any table with…
  • So the min/avg/max values are actually all the same on data as far back as you have for your "detailed" interface retention in the polling settings, defaults to 7 days. They only start to spread out once your data is getting condensed to the hourly/daily values. Where things can get a bit more complicated with the charts…
  • You probably need to be a bit more deliberate with your regex, I would try interface Vlan10\s and see if you had better luck, \s is white space including spaces, tabs, carriage returns or new lines. I typically use Regexr.com for regex testing but the logic it uses is not a 100% match for how orion seems to do it.
  • This is a good starting point - GitHub - solarwinds/OrionSDK: SDK for the SolarWinds Orion platform, including tools, documentation, and samples in Powe…
    in SWQL Comment by mesverrum August 2017
  • Yes. The more data you have in the database the more load it puts on the SQL server. It is writing more in with the increased polling frequencies and it is pulling more out to populate the charts at that level of detail, then the app/web server has to process more data to get the charts to render on the screen. Make sure…
  • This is one of my SWQL reports reworked for your conditions, show all alerts that took longer than 15 min to ack or reset. select ac.Name ,ah.Message ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:'+ToString(AlertObjectID) as [_linkfor_Name] ,EntityCaption as [Trigger Object] ,EntityDetailsUrl as…
  • You can, https://support.solarwinds.com/SuccessCenter/s/article/DPA-repository-Data-retention-policy
  • While it is good to get rid of monitors that you don't need and especially good to remove any of them that are not configured correctly, I will tell you that 10k limit is a bit of a cop out/red herring. In MANY cases the first line support doesn't seem to understand the nuance of the loads and are just spitting back a spec…
  • If you really want to get into the weeds of the back end terminology, it's a legacy thing. See if you can dig up screenshots of NPM 10.0 and such and the terminology being used more closely tracks with how the UI worked at that time. When you spend time in the DB the answer to almost all of the "this doesn't add up" is…
  • The scenario you described with the legacy baselining is an exceptionally rare situation. It appears to me that you guys actually built a process very closely around the capabilities of NCM, so it is obviously a pain if the tool changes. In the field I would say 98% of NCM owners just ignored the baseline feature…
  • I'd think you will have better luck updating the orion.alertconfiguration.Trigger value. Alert active is more of a historical record of what happens after an alert fires. The alert configuration is where those decisions about what needs to happen are made. The trigger and reset are pretty big blocks of xml so it may take a…
  • This is the report I use for this situation, you may want to tweak it slightly for your use case but it has served me well. Add it into a custom query resource on one of your views. select n.caption as [Node] ,n.detailsurl as [_linkfor_Node] ,'/Orion/images/StatusIcons/Small-' + n.StatusIcon AS [_IconFor_Node]…
  • Was the node with a 0% avg down or unmanaged during that whole month maybe? Are you getting current SNMP stats or is the data showing up stale?
  • You'll just need to invoke the verb as described in this documentation from the sdk wiki: SolarWinds Information Service v3.0 Schema Documentation As far as finding out exactly how to format what you want, usually the easiest way is to create one in the GUI, then see how it shows up on the back end and write your code to…
  • Most l2 switches don't support netflow, some l2/l3 switches do. You would have to check the vendor documentation for your models to confirm if they support it and if there are any limitations and examples of the configuration. Once you have it set up on your side Solarwinds isn't terribly picky about netflow sources, as…
  • You could do this two ways, either by creating a custom table and using the GUI, or by using a custom query if you are into sql/swql. To do a table just add a custom table to the view, and when you go to configure the data source set it up like this, except change the comments custom property to the critical interfaces…
  • No way in the existing UI to do that, but when I've done this in SQL you would just need to change the viewid associated with the resources to the one you want, and probably shuffle around any conflicting row/column info. The relevant tables are called Views and Resources
  • I've felt that pain regarding the lack of search boxes that do what I need in various parts of solarwinds, here is a quick custom query that you can add to a page to reduce the pain of the work flow. Just add a Custom Query resource to your view and when you edit it check the box for Enable Search. First query goes in the…
  • How many actual objects are you expecting to find in that sea of ip addresses? I don't believe in having Orion just wandering through my networks guessing at stuff to try and connect with. Do you have actual lists of ips in use? Even using a seed router can be a pretty sloppy way to get lists of subnets. Router won't…
  • I wrote a SWQL resource that does this for me a while ago, tailoring it would require you to be comfortable in SWQL but it can be made to show or not show anything you want. SELECT o.AlertConfigurations.Name AS [ALERT NAME] ,'/Orion/NetPerfMon/ActiveAlertDetails.aspx?NetObject=AAT:' + ToString(o.AlertObjectID) AS…
  • The contents of the view will only refresh when the page loads. The "enable noc view" button on the view settings can set things so the page is refreshed every 10-30 seconds and is probably the most common solution for this kind of thing.