Level 9

LA Log Volume?

Long-time Orion user, but first time dealing with LA specifically. I realize it's licensed per log source, not by log volume, but it seems like there should still be a report, or ideally a widget, showing the log volume? If there is one, I'm not finding it, nor am I getting much from Google. Is this data available somewhere, short of just checking the size of the database?

0 Kudos
3 Replies
MVP

I've used this SQL query before to find "top talkers" for sending traps/syslog.

SELECT lems.Caption AS [Node Name], lems.IPAddress AS [IP Address], lems.Vendor, lems.MachineType AS [Machine Type], COUNT(le.logentrymessagesourceid) AS [Message Count]
FROM [SolarWindsOrionLog].[dbo].[OrionLog_LogEntryMessageSource] lems
INNER JOIN [SolarWindsOrionLog].[dbo].[OrionLog_LogEntry] le ON le.LogEntryMessageSourceID = lems.LogEntryMessageSourceID
GROUP BY lems.Caption, lems.IPAddress, lems.Vendor, lems.MachineType
ORDER BY COUNT(le.logentrymessagesourceid) DESC

You can create a Report with a Custom Table, or add a Custom Table resource to a view and use Custom SQL as the data source.

Here's a screenshot from running it when showing a client what was filling up their log disk.

You could probably adjust the SQL to include the message type (syslog/trap).

On another note, there's probably a hiccup somewhere in converting the Report Builder to a SWQL query, but when I tried to create the above report using the GUI (same columns), the report would time out. The SQL query ran in ~3 seconds, so I left it as a SQL datasource.

0 Kudos
Product Manager

Are you interested in overall volume or broken down by node? There is no default view or report to cover that but if you are at all familiar with creating custom widgets and reports using SQL / SWQL, you can find what you need in the LogEntry and LogEntryMessageSource tables. I believe if you join those together on the SourceID you should be able to get counts both overall and by node.

0 Kudos
Level 9

Thanks for the response.  I was hoping to avoid the custom SQL/SWQL route, but could do that if necessary.

Ideally volume by node to identify "noisy" devices and total volume. Unless I'm blind, I don't see the log/event database total size reported anywhere either.  Database manager/statistics only reports the main Orion database info as far as I can see.  So right now in my test case, it's reporting a 4.3Gb DB size when in fact the event database is 90Gb.  In general it seems a bit odd to have a logging product that doesn't give you any details regarding the volume of logs it's getting.

0 Kudos
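
Added example, not part of any reply in this thread: a T-SQL sketch of the "counts both overall and by node" join suggested above, followed by two size queries for the log database that the last post says is not reported in the web console. The database, table and column names are taken from the query posted earlier in the thread; the size queries use only standard SQL Server system views and assume the account may read them (VIEW DATABASE STATE and VIEW ANY DEFINITION or equivalent).

```sql
-- Added example; object names below come from the query posted in this thread.

-- 1) Messages per source, the overall total, and each source's share of it.
--    COUNT_BIG avoids int overflow on very large log tables.
SELECT
    lems.Caption     AS [Node Name],
    lems.IPAddress   AS [IP Address],
    COUNT_BIG(*)     AS [Message Count],
    SUM(COUNT_BIG(*)) OVER () AS [Total Messages],
    CAST(100.0 * COUNT_BIG(*) / SUM(COUNT_BIG(*)) OVER ()
         AS decimal(5, 2))    AS [Percent of Total]
FROM [SolarWindsOrionLog].[dbo].[OrionLog_LogEntryMessageSource] AS lems
INNER JOIN [SolarWindsOrionLog].[dbo].[OrionLog_LogEntry] AS le
    ON le.LogEntryMessageSourceID = lems.LogEntryMessageSourceID
GROUP BY lems.Caption, lems.IPAddress
ORDER BY [Message Count] DESC;

-- 2) Reserved space per table in the log database (pages are 8 KB).
--    Row counts are taken from the heap or clustered index only (index_id 0 or 1)
--    so that nonclustered indexes do not double-count rows.
SELECT
    s.name + N'.' + t.name AS [Table],
    SUM(CASE WHEN ps.index_id IN (0, 1) THEN ps.row_count ELSE 0 END) AS [Rows],
    CAST(SUM(ps.reserved_page_count) * 8 / 1024.0 AS decimal(18, 1)) AS [Reserved MB]
FROM [SolarWindsOrionLog].sys.dm_db_partition_stats AS ps
INNER JOIN [SolarWindsOrionLog].sys.tables  AS t ON t.object_id = ps.object_id
INNER JOIN [SolarWindsOrionLog].sys.schemas AS s ON s.schema_id = t.schema_id
GROUP BY s.name, t.name
ORDER BY SUM(ps.reserved_page_count) DESC;

-- 3) Allocated size of the log database's data and log files (size is in 8 KB pages).
SELECT
    mf.name      AS [Logical File],
    mf.type_desc AS [File Type],
    CAST(mf.size * 8 / 1024.0 AS decimal(18, 1)) AS [Allocated MB]
FROM sys.master_files AS mf
WHERE mf.database_id = DB_ID(N'SolarWindsOrionLog');
```

Query 1 can be pasted into a Custom Table resource with Custom SQL as the data source, as described in the first reply; queries 2 and 3 may need to be run from a SQL client if the Orion database account lacks access to the system views.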