cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Advanced syslog parser is dead... long live to Log Analyzer

Does anybody know if there is a way to represent data with Log Analyzer as it was done by the syslog advanced parser widget ?

Since our upgrade the networking team is still complaining about the missing widget they used to have... Any suggestions welcome.

9 Replies
Level 7

You can add a Custom Table widget and use custom SWQL query as datasource. This way you can even filter nodes, severity, etc. Changing filtering conditions will require the query modification though.

0 Kudos
Product Manager
Product Manager

A Log Summary dashboard, along with updated Node Details resources is something we are currently working on. I'll second Marc's comment above - if you could provide some screenshots of what you'd like to achieve it'd be great. Equally, if you'd like to set up a quick call to discuss further, just let me know.

Syslog and Trap widgets on nodes details page are not working after upgrading to OLV. Below are the names of widgets.

- Node Related XX Syslog Messages

- Last XX Syslog Messages

- Last XX Trap Messages

Does Solarwinds team have a plan to modify these widgets to use new log database?

0 Kudos
Product Manager
Product Manager

Yes, we do intend to create some new out of the box widgets based on the new tables... In the meantime you can use a custom query widget and the example query below on your node details page. (stolen from wesleykparker​ in another thread)

SELECT TOP 100 -- Edit this number for how many messages you want to load to widget (you can modify the widget for how many messages to page)

let.Name AS [Message Type]

,Level AS [Severity]

,TOLOCAL(DateTime) AS [Log Time]

,SUBSTRING(Message,1,100) AS Message -- Edit the last number for how many characters of the message you want to see

,CONCAT('YOURORIONURLHERE','/ui/orionlog/logviewer/now/1hours/',${NodeID},'/syslog') AS _linkfor_Message --Replace YOURORIONURLHERE with the address ex:  'https://orion.abc.com'

FROM Orion.OLM.LogEntry le

JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID

WHERE NodeID = '${NodeID}'

--AND le.Message LIKE '%${SEARCH_STRING}%' -- Remove The -- From beginning for the "Search SWQL Query" Box

ORDER BY DATETIME DESC

0 Kudos

When?  its been months since you posted this and still nothing....  LA is terrible

I actually happened to be loading up my custom widgets for this use case into a client environment when I noticed this thread got updated.  This is the SWQL I use, a little bit less leg work for the end user and it attempts to clean up some of what makes traps super ugly

SELECT MessageDateTime

, let.Name as Type

,substring(Message,1,charindex('sysuptime',message)-2) as Message

, '/ui/orionlog/logviewer/now/24hours/${nodeid}/'+let.Name as [_linkfor_Message]

FROM Orion.OLM.LogEntry le

join orion.olm.logentrytype let on let.logentrytypeid=le.logentrytypeid

join orion.olm.MessageSources ms on ms.MessageSourceID = le.MessageSourceID

where le.nodeid=${nodeid}

and messagedatetime > addday(-1, getdate())

--and message like '%${SEARCH_STRING}%'

order by MessageDateTime desc

- Marc Netterfield, Github

Just what I was looking for!

0 Kudos

Hi,

it would be nice include into the Orion Log Viewer at least the same widgets or a subset of them as we used to have before upgrading like the advanced syslog parser who did the job for my networking colleague.

This way people have time to get acquainted to the new interface and the power of its rules.

Capture.PNG

I was a bit bummed too about the lack of LA specific widgets as well, If you post a screenshot of an example of the log parser widget with data in it I could probably cook up a SWQL based replacement.

- Marc Netterfield, Github
0 Kudos