mesverrum · Observability Architect · ✭✭✭✭✭

You pulled the current value, not the historical values. You did manage to grab the timestamps from the historical table.

Only needs read only permissions,

Like silverbacksays​ told you, you need to investigate which alerts specifically were firing before and figure out if they were valid or some kind of noise. I often go into environments where there are out of the box alerts that have not been fully configured that are firing off hundreds or thousands of times a day. Ask…

No, and there is not a supported method of installing multiple agents on the same system. The usually recommended method from support for nodes that need to be monitored by multiple systems is that only 1 can use the agent and everyone else has to use WMI/SNMP

Unfortunately Orion will only hold a max of 180 days of detailed stats because going longer tends to lead to oversized databases and poor performance from the web UI. Daily averages can be held for several years, but you may want to have more granularity than the average of the metric across 24 hours. I find that in cases…

I would wager that the snmp interface index don't correlate across and everything in NTA is tied to those indexes so someone made the call to disappear them in some way during a failover. Does the old data come back with a gap when you fail back over?

Your problem was that you selected an application instead of a component, you always need to select the most specific object type when you are setting up these reports. You can do that with a custom table resource, set up the data source like this: Then when it asks you which columns you want to include just select the…

There are newer verbs to create credentials in Orion, so something COULD be built. But I have not heard of anyone else posting anything they built yet. I suspect you will be on your own, and the exact details of what you need from your integration will dictate if the existing capabilities will allow for it.

It looks like to me like you are missing some single quotes in your filter definition This is a snip from the script I use for group building @{ Name = "$application Nodes"; Definition = "filter:/Orion.Nodes[Contains(CustomProperties.Applications,'$application')]" } I know for a fact that the group creation api will not…

The built in integration only does incident generation, for anything else you would probably need to script up your own integration.

I'm not personally too familiar with the TACACS side of this but on the NCM side you can break your backup scheduled job into two parts, one pass for running configs and another starting a few minutes later for startups. Hopefully that gets around this issue for you if there isn't an easy way to fix it in the TACACS setup.…

My first Solarwinds environment was a great learning opportunity. AKA, an inherited train wreck. I was a brand new CCNA working my first gig as a "Network Technician" position where it turns out that only 5% of what I did in any given week was networking at all. My first day they asked me "Hey can you jump onto this server…

Unfortunately the database stores that data in an XML layout that makes it a real chore to parse out, you could see an example of what you'd be working with using this query in SQL SELECT * FROM [dbo].[AlertConfigurations] Specifically your are interested in the Trigger and Reset Columns, an example of one is below for the…

If you go to Applications > SAM Summary > Manage Applications > Application Monitor Templates > Create New Template > Add Component Monitor, then select either Process Monitor - SNMP or Process Monitor - WMI based on what you are polling the nodes with, then you can set up a process monitor by typing its name in. But I…

I dare say that powershell might be a better way to find this than LEM, for a few reasons I will get into later but to the immediate question: Windows service starts are associated with eventid 7035, so if you filter against SID *7035* that should get you all the service start events that you are recording. Probably filter…

To the best of my knowledge the built in syslog receiver in NPM doesn't support secure syslog, at least I never saw any mention of it but I've never tried. Hopefully someone from SW internally can chime in. As far as the 17777/8 they are using the tls as configured/negotiated on your Windows servers SWIS - Encryption over…

Under the new SAM licensing model APE's are free and unlimited. Under NAM APE's are also free and unlimited. The HA covers the whole server pair and everything on it, and with NAM licensing you can have as many HA pairs as you like. I suspect that you will not have anything to worry about.

SWQL is a little less flexible with complex queries than SQL, you can do them but sometimes the formatting needs more than just tweaking the table names. In this case you need to do that as a nested select, or join the selections, what you have is more a series of separate queries. I'm about to start working with my client…

Alertconfigurations is current, definitions is legacy from older versions.

It is possible to apply report limitations that are independent of being an admin or not, but it is kind of uncommon. Under your account/group you should see report limitations like this, most people it is default. Then go to the Report Manager screen and check like this to see if any limitations are being applied to the…

The tool for adding in custom SNMP OID monitors is called the universal device poller, SolarWinds Orion Network Performance Monitor Universal Device Poller UnDP - YouTube But The UNDP does not have any built in color coding to reflect states. It can display the whatever the of the OID is, and you can show those in Atlas,…

Applications are just a grouping of 1 or more components, they inherit their status from their worst component. Components will normally be in just a few states: Up - Everything is good Down - Solarwinds either cannot complete the test that the component requires, or the component has completed the test and failed. For…

Don't make the object of the alert a group, the object of the alert should just be nodes if you want an alert on each node.

I think you are going to be out of luck, I've never come across anything in the system that tracked when a report was run historically. I just ran some in my lab to test and could not see any historical record created in the events or audits. 

And just to clarify, the all alerts resources are sensitive to view limitations, but only for the category of objects in the limit. Its kind of weird how it works but if you put in a limitation based on a node property then it will only show you Node alerts with that property, but it still shows all alerts for any object…

timt​ I poked around and it looks like IPAM.subnet.comments is what maps to that field

There is a feature where an alert can over ride a node status and set it to something different. I personally avoid it because it can be kind of a pain to make sure the status over rides work correctly and I trained my users to know that the node status is only indicating that the node is reachable from Orion and we use…

Just like it says, 12.0.1 won't install onto SQL 2017, you would need to upgrade in place to 12.2 or newer, then migrate the upgraded DB to your SQL 2017. Or you can do something funky like installing the current release and taking your backup and restoring it on a compatible version, then upgrading that, then migrating it…

Solarwinds themselves doesn't usually test all the possible network devices to see if they work, they work under the assumption that if your hardware has SNMP then there will be some degree of compatibility. Depending on the device and what information the vendor made available in SNMP you will have different metrics that…

Given the extra overhead groups put on your system I would suggest just setting something like a true/false custom property and applying an account filter against the property instead of a group, but otherwise I believe you are on the right trail.