cancel
Showing results for 
Search instead for 
Did you mean: 
rgaleazzi
Level 7

Advanced syslog parser is dead... long live to Log Analyzer

Does anybody know if there is a way to represent data with Log Analyzer as it was done by the syslog advanced parser widget ?

Since our upgrade the networking team is still complaining about the missing widget they used to have... Any suggestions welcome.

8 Replies
mesverrum
Level 20

Re: Advanced syslog parser is dead... long live to Log Analyzer

I was a bit bummed too about the lack of LA specific widgets as well, If you post a screenshot of an example of the log parser widget with data in it I could probably cook up a SWQL based replacement.

- Marc Netterfield, Github
0 Kudos
jhynds Product Manager
Product Manager

Re: Advanced syslog parser is dead... long live to Log Analyzer

A Log Summary dashboard, along with updated Node Details resources is something we are currently working on. I'll second Marc's comment above - if you could provide some screenshots of what you'd like to achieve it'd be great. Equally, if you'd like to set up a quick call to discuss further, just let me know.

uncle_fido
Level 7

Re: Advanced syslog parser is dead... long live to Log Analyzer

You can add a Custom Table widget and use custom SWQL query as datasource. This way you can even filter nodes, severity, etc. Changing filtering conditions will require the query modification though.

0 Kudos
rgaleazzi
Level 7

Re: Advanced syslog parser is dead... long live to Log Analyzer

Hi,

it would be nice include into the Orion Log Viewer at least the same widgets or a subset of them as we used to have before upgrading like the advanced syslog parser who did the job for my networking colleague.

This way people have time to get acquainted to the new interface and the power of its rules.

Capture.PNG

ahmee
Level 9

Re: Advanced syslog parser is dead... long live to Log Analyzer

Syslog and Trap widgets on nodes details page are not working after upgrading to OLV. Below are the names of widgets.

- Node Related XX Syslog Messages

- Last XX Syslog Messages

- Last XX Trap Messages

Does Solarwinds team have a plan to modify these widgets to use new log database?

0 Kudos
jvb Product Manager
Product Manager

Re: Advanced syslog parser is dead... long live to Log Analyzer

Yes, we do intend to create some new out of the box widgets based on the new tables... In the meantime you can use a custom query widget and the example query below on your node details page. (stolen from wesleykparker​ in another thread)

SELECT TOP 100 -- Edit this number for how many messages you want to load to widget (you can modify the widget for how many messages to page)

let.Name AS [Message Type]

,Level AS [Severity]

,TOLOCAL(DateTime) AS [Log Time]

,SUBSTRING(Message,1,100) AS Message -- Edit the last number for how many characters of the message you want to see

,CONCAT('YOURORIONURLHERE','/ui/orionlog/logviewer/now/1hours/',${NodeID},'/syslog') AS _linkfor_Message --Replace YOURORIONURLHERE with the address ex:  'https://orion.abc.com'

FROM Orion.OLM.LogEntry le

JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID

WHERE NodeID = '${NodeID}'

--AND le.Message LIKE '%${SEARCH_STRING}%' -- Remove The -- From beginning for the "Search SWQL Query" Box

ORDER BY DATETIME DESC

0 Kudos
mesverrum
Level 20

Re: Advanced syslog parser is dead... long live to Log Analyzer

I actually happened to be loading up my custom widgets for this use case into a client environment when I noticed this thread got updated.  This is the SWQL I use, a little bit less leg work for the end user and it attempts to clean up some of what makes traps super ugly

SELECT MessageDateTime

, let.Name as Type

,substring(Message,1,charindex('sysuptime',message)-2) as Message

, '/ui/orionlog/logviewer/now/24hours/${nodeid}/'+let.Name as [_linkfor_Message]

FROM Orion.OLM.LogEntry le

join orion.olm.logentrytype let on let.logentrytypeid=le.logentrytypeid

join orion.olm.MessageSources ms on ms.MessageSourceID = le.MessageSourceID

where le.nodeid=${nodeid}

and messagedatetime > addday(-1, getdate())

--and message like '%${SEARCH_STRING}%'

order by MessageDateTime desc

- Marc Netterfield, Github
frankmuhlstadt
Level 10

Re: Advanced syslog parser is dead... long live to Log Analyzer

Just what I was looking for!

0 Kudos