mesverrum · Observability Architect · ✭✭✭✭✭

I'd be going down this same route too ^ the vcenter integration makes it so orion doesn't collect hardware information from SNMP, only from the vmware CIM data. There have definitely been bugs with vcenter CIM in the past.

For this scenario I always just removed the critical fragmentation threshold and switched my warning to only be above 95% for more than 24 hours. I don't generally consider index fragmentation to be a real problem I need to track as our DBA's run default jobs on all instances to maintain that sort of thing.

Memory utilization in Linux is something that seems to be eternally in dispute about how to "best" calculate it. I gave up on trying to force to square peg of SNMP to fit in that round hole or arguing with Linux admins about what they think should or shouldn't count. You can just get what you need from SSH shell scripts if…

Interface status != UP AND interface status != Unreachable should be the simplest way to ensure you don't get noise.

I didn't lab this all the way out to be sure, but I believe you might be able to get away with unpluggable = true and status = up for your condition. There's more fancy ways of doing it but I don't want to bog you down in unnecessary complexity if that's good enough. It might make your active alerts a little crowded and…

Patch manager supports rolling your own patches, I dare say that if you aren't doing so then you probably aren't utilizing PM anywhere near it's capabilities. It's nice that SW is able to provide a patch catalog for users, but waiting for them to get around to it would never be the best course of action on a major 0 day.…

I don't teach this class myself anymore now that I'm not a Loop1 employee, but I'd still recommend this as a decent place to begin: https://loop1.com/solarwinds-public-training/ The 301 is SQL/SWQL/Powershell and can REALLY step up your game as an Orion admin, but also applies to any software that uses SQL and/or an API.

In a past life I set up a gmail account to handle emergency backup SMTP server duties. More recently I actually hardly use email, first action for everything is just a call to our event managment platform (currently netcool, soon to be bigpanda). We dedupe and route everything from there. Secondary notifications might go…

So the 12,000 benchmark partially depends on your polling interval, that number assumes default values of 2m ping and 10m stats. Collecting stats at a 5m interval would be about to say each poller can only handle 6k elements. If you go to the Settings > Polling Engines you can see the current utilization in % terms to give…

There are many differences between the databases when you spread out versions that far apart. There is unfortunately no easy solution to bring your old data into the new format except to step through and do every intermediate version between the two as directed in the upgrade advisor tool. Because you are spanning many…

I've done this in the past when the maps tab got added to the default views. I'm sure the script could be reworked based on whatever they call the device view in the views table. github.com/.../AddMapTabToDetails.ps1

l do all my scripts by passing my ad creds with the trusted flag, then just execute the job under my service account $swis = Connect-Swis -Hostname $orionhostname -Trustedwhen i did used to keep creds i would use the -user -password flags, almost never personally used -credential

Add Order by Device to the end of your query and it will work, just tested in my environment. At some point the custom query resource started getting fussy about rejecting more complex SQL like unions and some forms of subqueries unless you tell it how to order them. 99% of the time if I can run it in SWQL studio but can't…

if your growth is linear and predictable then the forecasting can track that, erratic and sudden changes can't really be predicted by looking at historical data. In my experience 90% of outages where I've been occur due to unexpected growth because we long ago got used to running cleanup scripts and rotating log files and…

I'll mention when converting between SWQL and SQL one thing that trips people up are there are occasionally columns in the DB with slightly different names than their SWQL counterpart, or that exist in SWQL but don't even exist in SQL. I don't see any of those in your query but it does jam people up sometimes when you run…

the default timeout is 2500 ms, and when they say max it's just a single point in time. We can't infer how long it was showing that without a more elaborate query, and depending on how old the data is you wouldn't be able to break it down any more details than that.

This article should help support.solarwinds.com/.../Using-Fprobe-to-send-flows-from-a-Linux-box-to-NTA I don't have an off hand suggestion for a minipc or similar tool that I can say would definitely have enough horsepower, but essentially anything the runs linux and has fast enough ports and cpu will work. "Fast enough"…

No, i just remove that widget itself because it only works for companies that are 100% invested in the classes Cisco startup/run config model, which is less and less common.

With SQL all things are possible, but jumping across versions that old you are likely to have to do some manipulation and cleanup, unless you want to step through and do all of the required interim upgrades.

https://support.solarwinds.com/SuccessCenter/s/article/Not-receiving-user-data-from-domain-controllers-and-validating-active-directory-in-UDT?language=en_US Have you confirmed that the correct events are part of your windows audit policy? They are not on by default in AD.

Another trick you can do is manipulate the exit codes inside your script, https://documentation.solarwinds.com/en/Success_Center/SAM/Content/SAM-Script-Report-Status-Through-Exit-Codes.htm Exit 1 is a down, 2 is warning, 3 is crit

Also worth mentioning, Orion doesn't hard any outbound web requirements. I've installed it in countless segregated networks and in my current environment it is not on a segregated network, but we don't allow it to talk to external servers except a specific white list, our white list does not include SW stuff, just ours.

Try exporting the job, it creates it as an xml and i have in the past successfully modified the xml, imported it back in and been good to go.

you can also export the action as an xml file, then see if you can figure out how to modify that part of the xml to make the change you can import them back in.

Process logging isn't always turned on in Windows, but if it is then it's possible for you write rules to check for any kind of process. The slightly tricky part is establishing which processes are ok and which aren't. What I've seen people do for some similar cases is build a rule initially that builds a list of all the…

And if you want to do it really fast the way we would do it in the long lost era of '17 would be in database manager, something to the effect of: select ac.name as oldName, concat('NEWNAME - ',ac.name) as newName -- update ac set ac.name = concat('NEWNAME - ',ac.name) from alertconfiguration ac where ac.name like '%alerts…

Yeah I had leapfrogged over the impacted releases because we went about 18 months between upgrades that time around. Security was able to pull detailed logs of all communications in and out of the Orion server and found nothing suspicious so we were able to carry on. It actually turned out that somewhere in the company…

Depending on your environment 8 GB of ram might not be enough for the abuse, i run 32 GB on my primary server. When you see issues is the common symptom to have the info service eat up all the ram and the system generally becomes slow/unresponsive? In my experience running into that problem is usually caused by poorly…

This is the one I use for launching powershell and having it execute a script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "& {& "D:\PS_SW_Alerts\Msg.ps1" -alertObjectID ${N=Alerting;M=AlertObjectID} -objectID ${N=SwisEntity;M=NodeID} -alertName ${N=Alerting;M=AlertName} -node…