Long time Orion user, but first time dealing with LA specifically. I realize it's licensed per log source, not by log volume, but it seems like there should still be a report, or ideally a widget showing the log volume? If there is one, I'm not finding it nor am I getting much from Google. Is this data available somewhere, short of just checking the size of the database?
I've used this SQL query before to find "top talkers" for sending traps/syslog.
SELECT lems.Caption AS [Node Name], lems.IPAddress AS [IP Address], lems.Vendor, lems.MachineType AS [Machine Type], COUNT(le.logentrymessagesourceid) AS [Message Count]
FROM [SolarWindsOrionLog].[dbo].[OrionLog_LogEntryMessageSource] lems
INNER JOIN [SolarWindsOrionLog].[dbo].[OrionLog_LogEntry] le ON le.LogEntryMessageSourceID = lems.LogEntryMessageSourceID
GROUP BY lems.Caption, lems.IPAddress, lems.Vendor, lems.MachineType
ORDER BY COUNT(le.logentrymessagesourceid) DESC
You can create a Report with a Custom Table, or add a Custom Table resource to a view and use Custom SQL as the data source.
Here's a screenshot from running it when showing a client what was filling up their log disk.
You could probably adjust the SQL to include the message type (syslog/trap).
On another note; there's probably a hiccup somewhere in converting the Report Builder to a SWQL query but when I tried to create the above report using the GUI (same columns), the report would time out. The SQL query ran in ~3 seconds, so I left it as a SQL datasource.
Are you interested in overall volume or broken down by node? There is no default view or report to cover that but if you are at all familiar with creating custom widgets and reports using SQL / SWQL, you can find what you need in the LogEntry and LogEntryMessageSource tables. I believe if you join those together on the SourceID you should be able to get counts both overall and by node.
Thanks for the response. I was hoping to avoid the custom SQL/SWQL route, but could do that if necessary.
Ideally volume by node to identify "noisy" devices and total volume. Unless I'm blind, I don't see the log/event database total size reported anywhere either. Database manager/statistics only reports the main Orion database info as far as I can see. So right now in my test case, it's reporting a 4.3Gb DB size when in fact the event database is 90Gb. In general it seems a bit odd to have a logging product that doesn't give you any details regarding the volume of logs it's getting.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.