Comments
-
Just something I noticed, we get an eventid 4625 (failed logon) logged immediately when it fails in the windows security event logs. Going to relay that to support.
-
Case #01199327 has been submitted for this issue I'll relay any updates as they come.
-
I have this same issue and to date haven't identified a fix. My workaround is to use certificate locally (its a bad practice as it has limited audit trails) and switched most my scripts to run from remote hosts to avoid hitting the problem... The interesting piece is if you specify the same creds manually it works. It's…
-
I may not be explaining this right. There's currently no native way to do what you want in the actions of an alert (it appears..) That said you CAN achieve it, and have the alerting engine do the initiation of actions and the scripts (called via Run an external program action) do the heavy lifting to send the GET/POSTs and…
-
No - if you script it you have a lot more flexibility. Powershell can store the responses in a variable (so could most all other scripting languages). In PowerShell you could use Invoke-WebRequest or Invoke-RestMethod for example.
-
"MonkeyNutsAlerts" Love the custom property name... and I'm hoping thats the real name in production
-
I don't believe the alerting engine actions can do that natively hence why I mention scripting. If you use the "Run an external program" action you could run a powershell script that sends a web request.. parses your response / output and then maybe dumps the required data into a custom property. Then your next action…
-
What's the output of the SWQL query below look like from the "Orion.AlertHistory" table. I don't have something I can get a valid post to etc. so I've got no "data" to look at in SWQL studio but perhaps you or anyone else does? SELECT -- COMMENT: Identify our fields/columns to extract from the table entities ah.TimeStamp…
-
Am very curious... digging ;)
-
I haven't personally used the send GET/POST request action but I always thought the intention of the action was to send/push data elsewhere. I didn't think the action could store or utilize any data returned.
-
Some great starting points for your source SWQL query in the modern dashboards content exchange. Below is a link to a great on that has a good alert SWQL query for use in a modern dash. Assuming you track your Department in a custom property you could filter all of it with said custom property. The source SWQL (since its…
-
What does your powershell code look like (start to finish) now, could you provide it? This works for me without issue...
-
What did you define as the alert object for the alert? It's further up on that view but not in your screenshot.
-
You can just install the module - but it must be installed into a location in the path of the user attempting to run it (in this case Network Service). The system locations to put PS modules are C:\Program Files\WindowsPowerShell\Modules C:\Program Files (x86)\WindowsPowerShell\Modules maybe even here if needed too but the…
-
Ahh I should have caught that. The verb needs 3 paramaters in the array. 1) entity uri 2) start time Utc 3) end time Utc or $null .. not providing this param may be the same as providing $null with the end result of an indefinite mute So this should work: $now = (Get-Date)::UtcNow $2hoursFromNow = $now.AddHours(2)…
-
Try sending the $entityUris by itself and not wrapping it as an array so: .... SuppressAlerts $entityUris
-
I haven't tried with an APE or web server will need to give that a go... but I can add that I use the vIP just the same with all my API connections (powershell, rest/json etc.), all works. Is there a firewall between the system and the main server or vIP or maybe a load balancer?
-
Unknown is just that. SolarWinds doesn't know what the status of that application is at the time polled. That could be because the underlying polling technology was failing, login failures (maybe issue with agent etc.), maybe an undefined dependency went down and it couldn't poll it, or the most likely is it timed out when…
-
Hey there @"ConnorS68", Give this query a go, have done this before and to be honest I don't have the exact query in front of me to reference but I think it's close. There's also a couple portions in your query that weren't necessary so I didn't include them. Hope this helps but let me know if you run into issues with it.…
-
This all looks correct and perfectly normal. If you look under Settings --> All Settings --> Polling Settings, you can see the retention settings and there's a reason that's important. The defined polling retention settings tell Orion when to summarize data. The flow is usually like this and the summarizations occur during…
-
Glad to help, wonderful littler easter eggs!
-
If you download the 2020.2.6 HF5 installer (online or offline) -- that's what will get installed. No option to install anything older. If you want to reinstall with a specific version, you need to download the appropriate offline installer for that version from your customer portal. I think most the offline installers are…
-
@"jmpenney01", Expanding on what @"sguido" provided, I think the best way to do this would be via a custom SQL variable. I say that because when you use a SWQL variable, it MUST be tied to an entity table in the Orion API. It's not ideal for conversions (but possible). I just prefer it in SQL when I don't need to select…
-
When you run your queries in SWQL Studio, just append WITH QUERYSTATS at the end, and you'll get a new tab at the bottom next to your results that says "Query Stats", in there you can find the actual SQL query in the first row.
-
Hmm, what version are you on? Doing exactly that works for me in my lab.. My lab is on 2022.3 RC2 though, but if I just remove the Order By clause at the end, the query validates. With Order by: Without Order by:
-
From the netflow perspective, do you have netflow enabled for the interface/vlan thats routing traffic to the internet? From there you could just pull a list of the unique internal hostnames and ip addresses that are communicating out (assuming the interface/vlan is dedicated for internet traffic). I'm sure there's a SWQL…
-
Try removing the order by at the end.
-
Yeah the data essentially is not 100% reliable acrross platforms. There's the age-old counter rollover issue.. also if the SNMP service restarts that resets system uptime so as to appear the system rebooted. Generally speaking SNMP is flawed as a protocol for this purpose and is exactly why reboot alerts I put "possibly"…
-
@"Chris2172", Clever and works for sure, but you shouldn't need to manually do that in the database. You can import supernets, subnets and ip addresses into IPAM. documentation.solarwinds.com/.../ipam-import-spreadsheet.htm
-
@"LatteLarry"... I didn't even notice your powershell sorry. When piping to remove-swisobject it should only be a list of Uri's. So a simple way to do that in your existing script is changing $uris | remove... to $uris.Uri | remove....
