mlandman ✭✭✭✭✭

If you want to see (and alert on) if the services are up, you could modify this (Perl). It can take up to 10 command line processes as well as whatever you put into the $coreProcs array. It returns a user friendly message and 0 for OK and a non 0 for any non-running processes: @coreProcs = ("splunkd", "crond"); $cp = "";…

OK now I have gone Big Stick and set enabled to 0 for all pollers on the node and the interfaces. No change. The router and it's interfaces just keep on polling...

You can limit the alerting on groups so events and alerts are not generated during "down" times. Not quite the same, but might do the job.

Same issue here. Setting up an auto-discovery set last time took 30 jobs. We have very slow links on nearly 600 remote sites and the jobs take forever!!! to run Even though importing volumes can be automated now, you need to go in and delete the dead volumes. Total PITA.

There is a property of "Last time UP" on components. I believe that this is used in a Component Alert to calculate the conditions longevity. So for you, max timings: * -00:00:00.0001 Component polls for condition and all is well * 00:00:00 - "Bad Thing" happens on the node/application * 149.99999999 seconds later, alert…

Cisco 4321 router SysObjectID - 1.3.6.1.4.1.9.1.2093 Shows in SolarWinds as Machine Type "Cisco" (incorrect and useless) Shows in Hardware Health as model ISR4321/K9 (correct)

The forwarder run as a service, standard running or not monitoring. If you wan to automate a restart after it crashes, you must delete the lock file ([install_location]\var\run\splunk\conf-mutator.pid). If the service exits gracefully, it removes the file. If the service is running, there is an exclusive lock on the file.

OK, here you go... I ran into the same issue trying to use Get-WMIObject to pull a file object so I could delete a lock file after a Splunk Universial Forwarder service failure on Windows. I am using the procedure to create an encrypted password file on all pollers and using that and ${USER} to build a credential object…

Still on 11.5 ...so sad...

Cross posting this in SDK...

Prob #1: I do similar things successfully. Try moving all trigger conditions into the first block. Try something similar to this: or I'm not clear on what issue are experiencing on prob #2

Ping...Any input from the community? I have 667 nodes that do NOT have their loopback addr as their polling addr. This caused the device to alert as down when the polling addr fails. This is false alerting, the node is NOT down, just the interface SW picked (at random?) to poll on. The loopback addr, is down DOES mean the…

Here is a feature/functional request... in SQL we have single character wild cards, RIGHT(), LEFT() and ISNUMERIC(). It would be great to have these in SWQL. I use these a lot to evaluate host names to decode the name to its functionality.

Nailed it!!! We had 7. cleaned them up and Ta Da!!! Any idea how that happens that true/false gets it's evaluations messed up?

OK, I still think this is a BUG in how SAM passes credentials... I added an explicit credentials pass and it works: $drives = get-WmiObject win32_logicaldisk -Computername $server -Credential ${CREDENTIAL}| where driveType -eq 3 | where Size -NotLike $null

Worked as a charm, but it was not "inherited" when I changed the template settings. BTW,,,I have SAM 6.1, so "older" might be current Thanks

More to the point... I want to populate a custom property based on a node's group membership.

I opened a ticket and got 2 rote answers... * Restart services... * Run the configuration on the DB ... I'll end up hacking the DB

...same deal for Apache

First question... Are all ~6,000 devices seen in SolarWinds? Second... Are there only HP or only Cisco devices being discovered? It is a bit unclear if this is a reporting or discovery issue. If this is a discovery issue, make sure you are using SNMP community strings that cover all your devices. By default, discovery…

This works on Red Hat (Perl script via ssh) use threads;use threads::shared;#File system stats output: inode alert if =< $ARGV[0]@stdOut1 = split("\n", `df -i -P | grep -vi filesystem`);$fsName = "";$iUsed = "";$errMsg = "Inode percent free is OK on all mount points";@AlertInode="";$errCnt = 0;foreach $el (@stdOut1){…

Any one have an update on this?