mesverrum · Observability Architect · ✭✭✭✭✭

I also just jumped back to the beginning of the thread where your initial question was that you only really wanted 3 of the values from this whole table anyway. Just figure out what row you want to poll and stick that on the end of the OID So if we are starting with this to get the whole…

Ah yeah, because we are doing the sum/min aggregations you have to also add those additional columns to the group by section. group by i.interfaceid, int.FullName

You set the label when you were creating the UNDP, it had a prompt on maybe the 4th screen if i recall correctly. Anyway you can just change it by loading the UNDP tool, find your poller right click and go to label 1, Change the radio button from the default value of interfaces 2, find your vendor and the device you want…

Nothing that's out in the open. I did it twice in the past just by looking at the tables and building SQL scripts basically on the fly to insert the equivalent object in a new environment. Don't have anything saved because at the time it seemed very straightforward, but I work in SQL all the time, sorry.

There is no separate syslog/trap function for each module in Orion, they all just use that same data for different purposes.

Looks like I made a mistake in the version I posted before, needed to assign a name to the column in SWQL or it wont run. Try this ${N=SWQL;M=select top 1 substring('${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}',charindex('locIfReason','${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}')+17,20) as message…

Keep in mind that making that change to the retention is likely to increase the size of your database by at least 2-4x.

Another possible workaround, depending exactly on the details of what you are doing in your script and if you have SAM, would be to install the SAM agent on the servers in the segregated network and run a scripted monitor that has the remediation built into the code from there. For a really rudimentary example, if I had a…

I'm not saying not to do that, im just letting you know that syntax will not work for certain types of alert objects so you just need to watch out and test it before you copy paste it into all your alert actions, you need to use the correct syntax for other objects. I hate to do the hard sell, but it seems appropriate here…

sounds like you've got the idea, although I would avoid being as granular as sharepointowners and linuxowners, that is very likely to require you to create dozens of properties. In most cases just "owners" works, but in depending how you split your duties you might have applicationowners who want to know if the node is…

You would probably want to coordinate that one with a DBA or your SME for the application, but I would assume a reasonable test would be to execute a modified version of one of the queries that the client systems execute, if it fails or exceeds the time threshold then that tells you the client can't execute it. The…

I should have got on top of this myself to harvest those sweet sweet Thwack points With winter coming I need to get some socks

The trick is to make sure the query always has at least one row, usually through doing something dumb like starting off the query by pointing the alert at the object that triggered it select isnull(neighbor.caption, 'Not Found') from nodes n left join nodes neighbor on neighbor.ip = '${N=SwisEntity;M=NeighborIP}' Where…

Assuming your custom property is called Company and the company name = 'Microsoft' select ,n.caption as [Server Name] ,'/Orion/images/StatusIcons/Small-' + n.StatusIcon AS [_IconFor_Server Name] , n.detailsurl as [_linkfor_Server Name] ,case when n.cpuload < 0 then 'Not Polled' when n.host.nodeid is not null and…

That would be my understanding yes, tdanner​ might be able to confirm

Not with SWQL, it only supports displaying plain text, icons, and making the text into a clickable link. If you were reallllllly dedicated you could create an icon of a bar chart for each percentage, so something like bar-1.gif through bar-100.gif and use them in the iconfor section but it feels overkill

You'd have to open up the tables I reference in the db and see what the raw data looks like for one of the incidents with the wrong user. The logic it uses its first to get all the nodes that are currently unmanaged, then it checks the audit history for the most recent event where a user unmanaged that node and it pulls up…

SELECT 'Unmanaged' as [Status] ,n.Caption AS [Node] ,tostring(tolocal(n.UnManageFrom)) AS [From] ,case when n.UnManageUntil is null or n.UnManageUntil = '9999-01-01 00:00:00' then 'Not set' else tostring(tolocal(n.UnManageUntil)) end AS [Until] ,case when n.UnManageUntil is null or n.UnManageUntil = '9999-01-01 00:00:00'…

I do all of these using custom SQL/SWQL queries, there is no native function to do so in the UI.

Custom SQL/SWQL variables in Orion alerts only allow you to pull back a single cell of data, not a table or list. The work around that I have always seen for that is you can use the for xml path SQL function to convert a table of values into a long string formatted with line breaks and such so the email client parses the…

So there are a lot of ways clustering groups can be set up in SQL, I find that in places with AAG then each instance should have an AAG Listener address. I point my appinsight template at these preferably. For failover clusters you point them at the cluster address. Now circling back to your earlier point about not getting…

I personally don't do the custom aspx stuff because I don't know how to write .net yet but if you dig around on thwack you can find examples of people who have written their own resources and loaded them into the appropriate directories of the inetpub folders to get them integrated within the Orion web console. Then you…

Rather than having to build multi-part sql filters all over the place this is a case where I usually just create a single custom property called "HasSQL" with a yes/no value and exclude nodes with a 'yes' from things like Memory utilization alerts, most dashboard views, etc. It also makes it handy for if you ever want to…

I've never done it myself with the snmp traps but you can load up some custom SQL into the alert message by using the Insert variable button and at the bottom find the custom variable option.

funny, looks like they don't remove the muted timestamps from the db after the schedule ends, wonder when it gets cleaned up? anyway I added some logic to exclude events where the timestamp has already passed SELECT 'Unmanaged' as [Status] ,n.Caption AS [Node] ,tostring(tolocal(n.UnManageFrom)) AS [From] ,case when…

I was modifying an existing template as a one-off, but the syntax I was messing with was basically just regex with capture groups. Building the logic wasn't rocket science but to build one completely from scratch would be a pretty significant amount of work to create all the rules.

The line with the where condition specifies which host, in the screenshot I posted it was aggregating like 10 firewalls "where (asa.node.caption like ' your host(s)' "

You are correct, and it is granular down to the ms. You can see by looking at the timestamps for just about any data point in the db, I pasted below an example from my lab showing from one poll to the next for a bunch of devices on a 10 minute interval, you can see they are mostly staggered every few seconds, but sometimes…

I'm familiar with your world map query, it's great, but i use a version of it that is modified to drop all the site based groups on the map. I auto generate groups as they are added to the system using a powershell script and the nodes get their sites properties populated from the sites aux table method you came up with.…

So the problem is that the report building needs you to specify the most specific object as the type of object you want to report on. If you pick custom undp poller then you will also have access to all the properties of the parent node, but if you start at a node report you can't get into the more granular stuff. This…